Dr. Slater,

I think what you've noticed is that the discussion about 
HIPAA has gone from external forums to internal 
implementation.  Specifically, everyone is now going crazy 
implementing their systems and changing business processes to 
get compliant.  

I have not seen much speculation as to what would happen if 
an outfit chooses to not comply with HIPAA. I believe in a 
worst case fines could be brought.  Perhaps also a 
hospital's/clinic's JCAHO accreditation threatened.  But the 
latter is just a guess.  There has been quite a bit of 
discussion at HIMSS I understand about legal issues (civil 
suits) that might arise.

Having said that, I do think some organizations are adopting 
the buy-a-cheap-system-and-call-it-due-diligence approach, 
which IMHO is dubious.

Richard Schilling



---- Original message ----
>Date: Sat, 1 Mar 2003 10:23:04 -0500
>From: "Bruce Slater, MD" <[EMAIL PROTECTED]>  
>Subject: Re: HIPAA watered down?  
>To: <[EMAIL PROTECTED]>
>
>Is it my imagination, or has HIPAA progressed from a roaring 
>lion-like formidable regulatory project likely to cost more 
>than Y2K to a meowing kitten that can be finessed with 
>minimal cost?
>
>If a practice completely ignored HIPAA, how much out of 
>compliance would they be?
>
>(not that I am suggesting doing that, I think the original 
>HIPAA had some good aspects)
>  ----- Original Message ----- 
>  From: david derauf 
>  To: [EMAIL PROTECTED] 
>  Sent: Friday, February 28, 2003 4:27 PM
>
>
>   Security rule omits encryption requirement 
>
>  February 27, 2003 
>
>  The final HIPAA data security rule does not require health 
>  care organizations to encrypt electronically transmitted 
>  health data, but orders them to determine on their own 
>  whether they should use encryption. The change is one of 
>  several intended to help organizations meet the final 
>  security regulations, Health Data Management reports.
>
>  Many providers, however, will choose to encrypt protected 
>  health information, especially data in payment transactions. 
>  To protect themselves from liability, providers may demand 
>  that payers and other financial institutions also encrypt 
>  personal health data, according to John Casillas, founder of 
>  The Medical Banking Project, a research group focused on the 
>  impact of information technology and HIPAA on the health care 
>  and financial sectors.
>
>  "Providers are the ones on the line and will want to make 
>  sure their data is protected throughout the entire banking 
>  system," Casillas said (2/26). 
>
