Cutting Edge Issues

eHealth:
Towards A New World of Communications in Medicine

Case Study: Overlake Hospital Medical Center

Information on Demand: Consumer-Controlled Medical Records

Finding Leaders for Internet Health Care

Building the Security-Capable Enterprise

Planning Business Strategies with Internet Support

Internet Use as a Survival Strategy

Case Study Zone

Who is eMed?

Building the Security-Capable Enterprise: HIPAA Preparation

Part 4

Most of the security and privacy standard, however, has very little to do with technology and a great deal to do with administrative procedures. The privacy notice of proposed rule points out that providers will have to enhance the understanding of their patients where confidentiality is concerned and gain their acceptance of the measures in place to protect their privacy. How can the CPRI toolkit help? It provides access to the regulatory requirements and makes guidelines in the area of confidentiality and security available online at no charge. In addition, CPRI has been able to persuade a number of prominent provider organizations to contribute case studies in various areas. It is possible to download the relevant material from the CPRI web site either in its entirety or by section; the complete download takes about 10 minutes for most users.

Among the sections available online are an executive summary; an introduction; a chapter on how to use the toolkit; a section on monitoring laws, regulations, and standards; links to the proposed rules; and more information about other aspects of HIPAA. In addition, there is material available to help users determine what they need to know about each state’s medical privacy legislation. An organization may want to start deploying some standards accepted either nationally or internationally in the course of its preparation for HIPAA. If so, it can use the web site’s section covering how those confidentiality and security standards are set and which of those extant might be pertinent. The joint recommendations of the National Committee for Quality Assurance and JCAHO for protecting personal health information also appear.

Much important information on developing policies, procedures, and practices is to be found in section 4 of the toolkit. CPRI has obtained sample policies from a number of organizations that appear in that section, along with good coverage of training. An instructor’s guide and a presentation file can be downloaded and modified to suit the organization. There are sample confidentiality statements available, as well as many CPRI guides. There is also a section covering special issues in electronic information transmission and the HCFA Internet policy. Another section deals with enhancing patients’ understanding and with institutionalizing responsibility.

Addressing HIPAA begins with a sound plan. Provider organizations know that they must comply with HIPAA. The first step toward that end is determining what needs to be done (and how individuals should behave) in response to the new regulations. It will be necessary to use new technologies, such as encryption and public key infrastructure, in certain cases, and to reinforce the relevant policies and procedures. Organizations will also, through audits, need to determine what has been accomplished.

4 of 5                                                                               Next >