HIPAA security tools helpful for some firms

By Bill Brenner, News Writer 17 Mar 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

The security market is flooded with too many healthcare compliance products to name here. And those interviewed for this series focused more on the cultural challenges they face, describing changes to their networks in a more general sense.

But some did mention specific healthcare compliance tools that have been helpful in managing HIPAA's security requirements.

HIPAA data security rules: HIPAA rules force health insurers to secure sensitive data: HIPAA is forcing a majority of health insurance companies ensure the security of sensitive data. HIPAA security rules broken down: The HIPAA security requirements have been described by the Department of Health and Human Services, ArticSoft, HIPAAacademy.net and the Centers for Medicare & Medicaid Services (CMS). HIPAA security rules essential to protect data, say experts. The HIPAA security rules force healthcare firms to protect sensitive healthcare information. The security rules could guard against identity theft and data security breaches, say IT pros and industry experts. HIPAA security rules apply to firms with healthcare plans.Companies that offer healthcare plans are affected by the HIPAA security rules. HIPAA security rules set hurdles for struggling hospitals: Struggling hospitals hand HIPAA responsibility to the IT department, which can cause problems, say experts. HIPAA compliance officers explain hurdles, data security successes: HIPAA compliance officers share their problems and successes meeting the data security standards. HIPAA causes data security problems for small businesses: Some doctors' offices and other small businesses are having trouble complying with HIPAA rules

Diane McQueen, a systems engineer for Perot Systems, which manages IT security for the nonprofit Northern Arizona Healthcare hospital chain, said her operation chose Cerner Millennium to centralize its sprawling network.

"Before Cerner there were different systems for all these different departments," she said. "In the old days hospitals had many generic accounts where one would be shared by everyone in a department. With Cerner every staffer now has a unique account, a very important step in meeting HIPAA's security rules."

Produced by Kansas City-based Cerner Corp., it includes a shared database that consolidates non-repetitive data and shared process servers for patient identification, scheduling, ordering, charging, results, documentation and measurement.

McQueen also uses compliance tools produced by Houston-based BindView Corp.

Asked what he uses to help manage HIPAA security, Pete Stagman doesn't run down a list of specialty devices. Stagman, information technology manager for Dedham, Mass.-based Boston Home Infusion, said one of the most significant network changes he made was deploying Windows XP Service Pack 2 (SP2).

"I like it because you can't defeat the security of it so easily," he said. "The firewall feature has been helpful."

And while he's a vendor as well as a consultant, Drew Williams, Configursoft's vice president of corporate development, said it's pointless to buy a device and expect all your problems to be solved.

"The worst thing someone can do is buy a piece of technology to meet compliance," he said.

In the end, everyone interviewed for this series agreed no organization can meet HIPAA's security mandates unless it focuses on its people above all else. If the management and workforce can't grasp the importance of security, it doesn't matter which tools they go out and buy.

Sound Off! -

Tags: HIPAA,  Tech strategy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us