Implementing a security solution for HIPAA is very challenging. Listed below are five basic considerations to weigh before implementing a security solution for HIPAA.
1. Costs, which must be kept low on a per-user basis. IT is considered a support function and not necessarily a method of generating more revenue in the healthcare space.
2. Deployment method and costs. Given that there are many parties involved in a typical healthcare transaction (patient, doctor, nurse, administrator, HMO, hospital), having an easy-to-deploy system is essential. Frequent upgrades or replacements would become significantly expensive because most healthcare workers are so frequently mobile.
3. Compatibility with legacy systems. For example, many hospitals still use Novell as their primary network operating system and management tool. Yet in the corporate world, Novell is considered a very small segment of the market. As a result, solutions must take into account that backward compatibility must be maintained.
HIPAA is the biggest driver of security technologies in the healthcare space. HIPAA (Health Insurance Portability and Accountability Act of 1996) was originally intended to protect the right to healthcare for workers when they changed or lost their jobs. A by-product for the technology industry was the recognition that HIPAA would place a large administrative burden on the healthcare system. As a result of this view, the Administrative Simplification set of provisions allowed for the creation of requirements to move a number of administrative healthcare functions online. In summary, these provisions included the following:
• Standards to enable electronic exchange transactions
• Creation of unique identifiers for individuals, employers, health plans, and health providers
• Sets of codes identifying specific medical services that can be used to simplify billing
• Security standards for the management of health information that describe how healthcare information and IT systems involved with that information are to be protected
• Use of digital signatures
• Ability to transfer information between health plans (to ensure continuity of coverage)