It is HIPAA - The Health Insurance Portability and Accountability Act. It covers way more than just encrypting data. Like Pat said, it is a process. Even paper records have to have a chain of command and security. So when you see the files in the reception area at your doctor's office, unless they are tagged with signatures of who has them, they are not in compliance. The fine for violation is up to $250,000 and jail time for the doctor.

And, btw, the line in the sand constantly shifts. It was supposed to be completed by 1999, then 2001, then 2003, now it looks like 2009. (It's the Insurance companies that are pushing for EMD and EDI transactions). Even dentists have to comply.

One of the purposes of the Health Insurance Portability and Accountability Act (HIPAA), which was passed in 1996, is to encourage the efficient use of electronic data interchange in the health care system. The HIPAA subtitle standardizes specific electronic transactions used in the health care arena by requiring that certain formats and specified code sets be used. There are specialists that you can partner with. (I partner with Threadfin Consulting).

Most doctors work with a hospital. The Hosp Admin has to understand HIPAA for federal dollars. Also, they have to assign a HIPAA Compliance Officer - under the CYA policy so you have someone to blame, hire and put in jail, like CFOs under the SOX. The Hospital is your best bet. Plus check with the local AMA and ADA for meetings. They will be talking HIPAA all next year. It is really about getting rid of FUD and putting a process in place.

You can make them warm and fuzzy selling IPSec wrapped in WEP wrapped in Nstream with Firewalls on both ends, but the Act is ultimately about safe, secure use of medical information. So data security, data storage, back-up and retrieval. Physical storage as well as electronic.

That's my 2 cents.

Peter @ RAD-INFO, Inc.



Tom DeReggi wrote:

John,

There is no HIPPA certification for a broadband connection. HIPPA is an overall concept to have a medical entity secure its customer records.

As mentioned at this year's ISPCON CEO Session, the HIPPA compliance manual is about 3 inches thick, and that's hard to sum up in a few words. And most of it won't apply to making your service HIPPA compliant.

My advice is to partner with a consulting company that offers HIPPA compliant consulting services to hospitals and doctors, and make sure they know who you are, and recommend your service.


--
WISPA Wireless List: wireless@wispa.org

Archives: http://lists.wispa.org/pipermail/wireless/