Building the Security-Capable Enterprise: HIPAA Preparation

Part 5

CONCLUSION

Drawing on the work of many consulting organizations, CPRI has been able to synthesize eight critical steps in HIPAA preparation:

  • deciding what the organization wants to do in response to HIPAA;
  • determining who, within the enterprise, will be responsible for the necessary action;
  • building risk-management capabilities within the organization, if they do not already exist;
  • making the entire organization aware of this project;
  • implementing the necessary policies and procedures;
  • changing infrastructure (particularly information networks) as needed to protect information;
  • conducting an awareness campaign that lets staff members know what is, and is not, acceptable where confidentiality is at stake; and
  • working to inform patients of the institution’s policies and address their concerns.

The result of this process, if it is conducted properly, should be enhanced judgment in managing health data. In addition, enterprises following these eight steps will have improved the security of their health care information.

Ted Cooper, MD, is national director of security and privacy, Kaiser Permanente, Oakland, Calif; immediate past chair of the board of directors of the Computer-based Patient Records Institute (CPRI); and chair of the CPRI content committee. He is an ophthalmologist and associate clinical professor of ophthalmology at Stanford University Medical School, Stanford, Calif. This article has been excerpted from Preparing for HIPAA: What You Have to Do to Assure Privacy and Confidentiality of Patient Information, which he presented at the Symposium on E-Healthcare Strategies for Physicians, Hospitals & Integrated Delivery Systems, on June 26, 2000, in San Francisco.




©2000 Decisions In Imaging Economics.
All rights reserved.
Contact: editor@imagingeconomics.com.