Is it my imagination, or has HIPAA progressed from a roaring lion-like formidable regulatory project likely to cost more than Y2K to a meowing kitten that can be finessed with minimal cost?
If a practice completely ignored HIPAA, how much out of compliance would they be?
(not that I am suggesting doing that, I think the original HIPAA had some good aspects)
----- Original Message -----
Sent: Friday, February 28, 2003 4:27 PM
Security rule omits encryption requirement
February 27, 2003
The final HIPAA data security rule does not require health care organizations to encrypt electronically transmitted health data, but orders them to determine on their own whether they should use encryption. The change is one of several intended to help organizations meet the final security regulations, Health Data Management reports.
Many providers, however, will choose to encrypt protected health information, especially data in payment transactions. To protect themselves from liability, providers may demand that payers and other financial institutions also encrypt personal health data, according to John Casillas, founder of The Medical Banking Project, a research group focused on the impact of information technology and HIPAA on the health care and financial sectors.
“Providers are the ones on the line and will want to make sure their data is protected throughout the entire banking system,” Casillas said (2/26).