Gaps in the security and privacy of healthcare data still exist, even though the Health Insurance Portability & Accountability Act's (HIPAA) rules for security and privacy safeguards were extended by the Health Information Technology for Economic and Clinical Health (HITECH) Act. For many healthcare providers, these gaps could be the cause of a major security breach, according to Raj Chaudhary, the leader of the Security and Privacy practice at Crowe Horwath LLP, one of the largest public accounting and consulting firms in the U.S.
'The HIPAA Security Rule has three sets of security standards. Each set has several safeguards, and each safeguard has one or more implementation specifications,' said Chaudhary. 'Providers need to assess their controls and infrastructure against these standards in order to avoid penalties.'
As part of compliance with the HIPAA Privacy Rule, Chaudhary also suggests that providers evaluate their risk of compromising all forms of protected health information (PHI) for improper use or disclosure, loss of data and breach of confidentiality.
Tuesday, February 1, 2011
From the PRNewswire: