The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Another important component of healthcare information security is the legal backing needed to create and enforce information security requirements. Without such laws, healthcare providers would not be required to show due diligence in protecting patient information, and that information would be at risk. Legislation has therefore come to play a significant role in establishing rules, regulations, and consequences. For instance, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) enforces one of the best-known laws protecting the privacy of health information: the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA is composed of the statute itself and the implementing rules issued under it, such as the Privacy Rule, Security Rule, Breach Notification Rule, …
For instance, while HIPAA mandates risk assessment and risk management, it "does not mandate the frequency of reviews or updates" (Sayles & Trawick, 2010, pp. 304-305). Such a lack of specifics can leave gaps and inconsistencies in the legal framework, which in turn makes healthcare providers and patients reluctant to adopt information technology. Ultimately, enforceable legislation is a significant step toward a strong foundation for information security in healthcare. It is imperative that the legal system be able to adapt quickly to the needs of the healthcare industry, in order to keep pace with information technology and the latest security threats.

In addition to legal support, standards have been developed to assist with health information security. For instance, ISO/IEC 27002, whose origins trace to the mid 1990s (it began as the British standard BS 7799), is a code of practice that describes recommended information security controls and techniques. ISO 27799 supplements ISO/IEC 27002 by providing more detailed guidance tailored to the healthcare industry. According to Fernández-Alemán, Señor, Lozoya, & Toval, the ISO 27799 standard "provides clear, concise and healthcare-specific guidance on the selection and implementation of security controls for the protection of health information, and is adaptable to the wide range of sizes, locations, and service delivery models found in healthcare." Thus, it would appear that