HIPPA and HITECH regulations - Article Example

HIPPA and HITECH regulations HIPPA and HITECH regulations When President Obama singed the American Recovery and Reinvestment Act(ARRA) into law in 2009, he also implemented the Health Information Technology for Economic and Clinical Health Act (HITECH). This law resulted in massive expansions in the reach and scope of the Health Insurance Portability and Accountability Act (HIPAA), as well as its corresponding penalties (Carter, 2009). This paper will examine the impact of HITECH and HIPAA regulations on future healthcare systems, defining how regulations will alter the implementation and ongoing use of software systems.

Impact of HIPAA and HITECH regulations on health care systems for the future Hospitals and healthcare facilities continue to face peculiar challenges in terms of security. These challenges will increase rather substantially in the future, particularly in light of increasing volumes of traffic to and from healthcare facilities. Security needs encompass the need to constrain access to personnel-only regions or protect the privacy of patient information in paper and electronic formats (Bortne, CISSP, & CISM, 2009).

The future systems of healthcare facilities will acquire a multi-faceted approach to meet the evolving regulatory requirements regarding patient privacy. Effective security in the future will encompass a forward-looking approach to deal with requirements for logical and physical access, as well as the appreciation of changing privacy standards and regulation compliance. The most significant privacy standards established by the HITECH Act, and which will affect the conduct of healthcare facilities is the notification requirement.

HITECH requires the notification of security breaches regarding healthcare-related issues. In the future, healthcare facilities will implement data security standards with regard to electronic health records and develop privacy and security provisions well beyond HIPAA (Trinckes, 2012). Although HIPAA focuses on health information privacy and security issues, HITECH act extends to non-HIPAA covered entities and holds them to similar privacy and security standards like HIPAA-covered entities (Carter, 2009).

For instance, under HITECH, pharmacies, healthcare providers and other business entities will be subject to security and privacy provisions in HIPAA. In essence, this means that HITECH will, in future, require all healthcare vendors of personal health records to maintain similar levels of security and privacy as HIPAA entities. The federal government, through the US Department of Health and Human Services, will require all healthcare vendors to protect patient health data by fully disclosing breaches by including a succinct description of the breach incident, time of occurrence, discovery and forms of information involved (Trinckes, 2012).

On a state level, HITECH will allow states to enforce HIPAA standards on healthcare providers and vendors. States will also impose fines similar to those levied by the federal government. For many years, healthcare facilities have utilized various methods of ensuring security of patient health information. State requirements demand that healthcare organizations establish effective procedures to ensure security and privacy. However, federal requirements demand that healthcare facilities implement HIPAA and HITECH standards in all their systems.

How the regulations will modify the implementation and ongoing use of software systems For most healthcare organizations, the establishment of IT security technology in building security and privacy has occurred through diverse security policies, objectives and departments. Consequently, healthcare staff needs to carry multiple access cards and recall diverse PINs and passwords to various applications, networks and regions within the healthcare facility. These traditional practices resulted in disjointed security systems, which were cumbersome for employees and costly for the facility.

These IT practices pose substantial risks to healthcare facilities meeting HIPAA and HITECH security and privacy requirements. HITECH standards will allow healthcare security administrators to implement high levels of security, which leverage the facility’s existing investments to acquire high levels of adoption by facility staff (Bortne, CISSP, & CISM, 2009). HITECH and HIPAA standards will allow for the adoption of smart cards to provide intense security. Secure, portable smart cards will be popular in safeguarding physical security and ensure privacy of sensitive electronic information.

Software systems will, therefore, allow for the use of contact and contactless smart card technologies, which will provide opportunities for security administrators to execute a single badge, which functions as a workplace ID, authentication token and physical security access card. For instance, in the future, one smart card will guarantee secure nurse, staff and doctor access to networked computers, the emergency rooms, visual verification of identification and contactless purchases in the cafeteria.

Changes and impacts to software and hardware vendors The implementation of HITECH and HIPAA standards will produce massive changes and effects to hardware and software vendors. For instance, the establishment of software systems in healthcare facilities will enhance the relationship between healthcare facilities and software vendors who provide these systems (Mauleen, 2010). Hardware vendors, on the other hand, will incur massive losses as healthcare facilities shift from hardware to software systems.

The relationship between hardware vendors and healthcare facilities will cease to exist as hardware systems, in healthcare facilities, become obsolete in the face of software systems.   Changes and impacts to infrastructure and organizational standards  Infrastructural changes will take hold in healthcare facilities following the adoption of HITECH and HIPAA standards for security and privacy (Bortne, CISSP, & CISM, 2009). For instance, hardware systems will be replaced by software systems such as smart card readers.

Organizations will ultimately seek to optimize software security by using varying smart card technologies, which encompass differing support systems. Infrastructure will also encompass systems for ensuring that software systems function effectively. This includes, among others servers and control rooms, which monitor the effectiveness of software systems such as smart card readers. Organizational standards will also shift from manual to electronic ways of conducting straightforward actions such as checking in for duty to complex actions such as transferring patient health data to relevant stakeholders.

References Bortne, K., CISSP, & CISM. (2009). The HIPAA and HITECH toolkit: A business associate and covered entity guide to privacy and security. Boston: Hcpro Incorporation. Carter, P. I. (2009). HIPAA compliance handbook: 2010 edition. Colorado: Aspen Publishers. Mauleen, J. (2010). Recent developments with HIPAA: Leading lawyers on interpreting the new HIPAA laws, developing effective compliance strategies, and responding to recent enforcement actions. Boston: West, Aspatore Books. Trinckes, J. J. (2012).

The definitive guide to complying with the HIPAA/HITECH privacy and security rules. Florida: Auerbach Publications.