The Certification Criteria Used by HIPAA - Essay Example

HIPAA requires such programs to comply with and apply its rough, role-oriented, access control, authorization, and authentication policies. These policies help make sure that patient data is protected appropriately and that healthcare providers adhere to them (Kibbe, 2005). Overseeing and sustaining these kinds of initiatives in an active environment is certainly a heavy burden for healthcare providers. These rules are in some because healthcare providers are equally committed to allocating as many resources as possible and concentrating on the quality of care given to patients.

Translating these functions into convenient and successful security and compliance initiative is difficult (Kibbe, 2005). Second, I disagree with their claim that all application-to-database accesses by any healthcare professional are logged automatically. For a healthcare organization to enjoy automatic logging of applications to database accesses by doctors, nurses, lab technicians, and administrators, it has to employ additional security and identity management solutions. Unfortunately, HITECH does not cover these additional technological solutions even though HIPAA requires that all healthcare providers do (Kibbe, 2005).

When medical practitioners and other healthcare professionals within a single healthcare organization enter data freely into a secure database through application-to-database access, links healthcare providers are authorized to access the same data as well. This approach may eliminate redundant paperwork and lower administrative burden, but increases the risk of intrusion by unscrupulous parties in linked healthcare organizations. Ensuring that applicable system events such as booting and rebooting are logged is important because developers have to support the secure conveying of these logs from the applications to administrators.

Accesses made by healthcare professionals have to be compliant with regulations imposed across all of the different scaled and levels of healthcare provision and services. Some of the regulations present in the HITECH act and HIPAA are unclear (Kibbe, 2005). Lastly, I agree that doctors need quick access to EMRs so that encryption and key management overhead, or simply the loss of decryption keys, cannot slow them down. The password for any encoding or decoding system has to be cleared at some point for it to be entered for logging successfully (Terry, 2015).

If a user locks the system along with the passcode, the passcode will be retrievable from a different location and time. There appears to be no way to circumvent this requirement. Even though many healthcare providers implement tectonic medical records, some practices remain slow. In addition, electronic health records with the above encoding and decoding systems are costly, which healthcare providers treat as a key management overhead (Terry, 2015).