Wednesday, March 18, 2009

Blog: Stimulus Package Includes Changes to HIPAA Privacy Rules

SANS NewsBites Vol. 11 Num. 23 (3/24/2009)

Stimulus Package Includes Changes to HIPAA Privacy Rules (March 18, 2009)

The federal stimulus package includes amended rules regarding the Health Insurance Portability and Accountability Act (HIPAA). The new provisions require doctors to keep records of when they disclose patient information. The previous regulations allowed doctors to share patient information for treatment, payment or healthcare reasons without noting when the information was shared. The new provisions do not take effect until January 2014. Medical practices are also required to post notices of data security breaches if 10 or more patients are affected. If the number of affected patients is 500 or more, the practice must notify all affected patients, a media outlet and the US Department of Health and Human Services (HHS).

[Editor's Note (Cole): If you work in health care, now is the time to act, even though the new laws will not take effect for 5 more years. As systems and networks are re-designed, start to incorporate detailed logging, concise access lists and control of patient information. It is easier to design security in than try to fix it later.]
