By Ken Rashbaum Submitted On April 01, 2010
The advent of the Electronic Health Record ("EHR") holds the potential to alter the paradigm of medical care. In this modern age a patient's information or lab results can be zipped to a Dr.'s phone where he can analyze them instantly. Nurses can enter/retrieve notes and findings on a patient's emergency room treatment from a nurses' station, a laptop or a portable device from anywhere in the hospital, rather than waiting for the paper chart to make its tortuous way up several stories to the patient's room. And, perhaps within the next few years, a patient's information can be sent anywhere in a matter of seconds.
Yet, these technological advances carry significant challenges in security, as electronic information is subject to loss or alteration to a far greater extent than paper records. HIPAA law, in the form of the Security Rule, addresses some of these issues, in support of the goal of privacy and reliability of electronic health information. The Privacy and Security Rules of HIPAA total almost 1000 pages, and while the legal, administrative and technical protection themes are not complicated, deciphering them and implementing action plans requires HIPAA lawyers to work in tandem with HIPAA consulting entities to prepare policies and procedures which will provide the requisite level of security. This is no small challenge in an age where s two-inch USB, or "thumb" drive can hold thousands of pages of medical information, and can slip from one's pocket as easily as the change which often turns up under the couch cushions. Moreover, in a world of social networking, it is not uncommon for individuals to do things they wouldn't normally do in a professional setting forgetting that electronic mediums like the internet make information (sensitive or otherwise) boundless. Once it goes out, it can go anywhere. Facebook, MySpace, and even text messaging are all important considerations with regard to new regulations and Privacy issues.
The HIPAA Security Rule addresses these worries in requiring that Protected Health Information ("PHI") be encrypted during storage as well as during transmission, in accordance with the principles put in place in a Guidance published by the Department of health and human services during April, 2009. DHHS has been mandated, by the revisions to health insurance portability and accountability act in the HITECH Act, to make periodic "spot audits" of hospitals with regard to privacy and security. Evidently, a hospital ought to obtain its HIPAA lawyers in the facility working on security safeguards way before this kind of an assessment takes place.
HIPAA consulting entities, running with a group comprising IT, Records, Legal in addition to the outside HIPAA lawyers ought to embark upon a healthcare compliance security initiative by assessing existing security technical protections as well as administrative security processes (i.e., how electronic health information is used and transmitted), revising those protocols when needed, as well as teaching the staff on implementation of the new policies and procedures. HIPAA law, in 2010, is one of the key principles of healthcare compliance, and the hospital will accomplish the requisite standard most cost-effectively by commencing bringing together the HIPAA lawyers and health insurance portability and accountability act consulting teams with the hospital stakeholders early enough to realize workable tactics in information security.
Learn more about Electronic Discovery Lawyer [http://rashbaumassociates.com/] and Healthcare compliance [http://rashbaumassociates.com/legal-services/healthcare-compliance/].
Article Source: https://EzineArticles.com/expert/Ken_Rashbaum/555315
No comments:
Post a Comment