The security market is flooded with too many healthcare compliance products to name here. And those interviewed...
for this series focused more on the cultural challenges they face, describing changes to their networks in a more general sense.
But some did mention specific healthcare compliance tools that have been helpful in managing HIPAA's security requirements.
Diane McQueen, a systems engineer for Perot Systems, which manages IT security for the nonprofit Northern Arizona Healthcare hospital chain, said her operation chose Cerner Millennium to centralize its sprawling network.
"Before Cerner there were different systems for all these different departments," she said. "In the old days hospitals had many generic accounts where one would be shared by everyone in a department. With Cerner every staffer now has a unique account, a very important step in meeting HIPAA's security rules."
Produced by Kansas City-based Cerner Corp., it includes a shared database that consolidates non-repetitive data and shared process servers for patient identification, scheduling, ordering, charging, results, documentation and measurement.
McQueen also uses compliance tools produced by Houston-based BindView Corp.
Asked what he uses to help manage HIPAA security, Pete Stagman doesn't run down a list of specialty devices. Stagman, information technology manager for Dedham, Mass.-based Boston Home Infusion, said one of the most significant network changes he made was deploying Windows XP Service Pack 2 (SP2).
"I like it because you can't defeat the security of it so easily," he said. "The firewall feature has been helpful."
And while he's a vendor as well as a consultant, Drew Williams, Configursoft's vice president of corporate development, said it's pointless to buy a device and expect all your problems to be solved.
"The worst thing someone can do is buy a piece of technology to meet compliance," he said.
In the end, everyone interviewed for this series agreed no organization can meet HIPAA's security mandates unless it focuses on its people above all else. If the management and workforce can't grasp the importance of security, it doesn't matter which tools they go out and buy.