New Federal HIPAA Legislation Calls for Reinvention of Data Security & Protection
On February 17th 2009 President Obama signed into law the HITECH Act of 2009. The HITECH Act is part of the overall strategy to reinvent the healthcare industry. The legislation is clearly designed to help the public by ensuring that healthcare entities adhere to strict data security guidelines. It is essentially the same type of legislation that has been pushing the Payment Card Industry to new levels of data security. Healthcare providers will definitely be pushed to protect private health information more diligently because they will have to disclose publicly any breach of private health record information. The fear of bad press, serious fines from HHS and lawsuits from healthcare customers will make healthcare providers focus their resources on protecting data.
The deadline for compliance with the new disclosure laws for healthcare providers is September 19th 2009.
This is good news for the public, but it will clearly create new challenges for healthcare organizations. The healthcare industry is facing what the Payment Card Industry faced a few years ago. The challenges will be even more difficult if they try to reinvent the wheel. The silver lining is that the Payment Card Industry had many of the same data security challenges, and many lessons can be learned from the trials and tribulations it has already endured. Although PCI does not guarantee total security, it does provide a solid foundation of key security recommendations to follow.
Excerpt from the Log Fidelity whitepaper "Overcoming HIPAA Challenges in the New World of Accountability"
Much like Sarbanes-Oxley, previous versions of HIPAA leave a lot of room for interpretation. The legal verbiage and lack of detailed recommendations have caused confusion: healthcare providers don't clearly understand what needs to be done to protect data, and the auditors and assessors tasked with auditing them face the same issues.
The lack of clarity leaves room for loopholes, which leads to a much higher likelihood of data breaches. In the past, this might have been an acceptable risk to healthcare providers because the resulting implications weren't as severe. This is no longer true. The backlash against an offending healthcare organization will be extremely severe if private health information is exposed.
There are three significant areas that affect healthcare organizations in regards to protecting private health information:
- New Federal Breach Disclosure Laws – Healthcare institutions are now required to publicly announce breaches of private health information.
- Health & Human Services Audits – Security audits are no longer an option that HHS may choose to exercise; HHS is now required to perform regular audits.
- Fines and Repercussions – The disclosure of data theft incidents will result in lawsuits, customer upheaval, loss of stock value and damage to brand recognition, costing healthcare providers millions of dollars in losses.
Conclusion
Prevention, detection, and incident response measures are the fundamental tools needed to help healthcare providers protect health record data and achieve HIPAA compliance. This means a concerted effort to protect data inside databases, together with overall security and accountability across the enterprise. The Log Fidelity team has been working with organizations for several years to combat data theft and meet compliance requirements.
Log Fidelity solutions automate and integrate:
- Intelligent Log Management
- Database Activity Monitoring
- Security Incident Management
- Powerful Compliance Reporting
The LogClarity® Enterprise Solution can help your organization meet the new HIPAA mandates and protect electronic private health information today.