HIPAA and HITECH: Need of the Hour for the Healthcare Industry
With Information Technology having entered every industry, most data and information are now stored and
transferred in electronic form. Though electronic storage and retrieval of data has cut down the
manual labor and work-hours involved in the process, safe handling of this electronic data is a challenge
faced by the industries. The growing dependence on IT in the healthcare industry and related
enterprises has raised issues of security of customer-centric personal data, the leakage or disclosure
of which might lead to problems beyond the control of the organization.
Safety of electronically stored data is crucial for the healthcare sector, as the data it handles are
sensitive and pertain to patients. Further, electronic medical records and other such private data are
information that needs to be secured as per the HIPAA compliance regulations. Technological innovations
have facilitated the development of security software to ensure the safety of the various databases, which are
accessible through the Internet or corporate networks.
HIPAA, the Health Insurance Portability and Accountability Act, came into effect in the year 1996 to
ensure privacy and security of sensitive medical records and confidential data with the help of
administrative, technical, or physical safety methods. This was followed by the HITECH Act in 2009. The
Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted to ensure
that electronic health records are well safeguarded.
The need for HIPAA/HITECH compliance arose to provide customers with improved portability and
continuity of health insurance coverage irrespective of where they move in a globalized
environment. Further, these compliance regulations ensure improved efficiency and standardization with
easy interchange and privacy of electronically stored data. The HITECH aspect ensures that
organizations stick to the compliance regulations of HIPAA through strict notifications, penalties and changes
in liabilities and responsibilities.
However, for the layman, HIPAA/HITECH compliance combines IT compliance and healthcare
compliance. As the two are similar in their approach to the problem of security and privacy, business
associates also become accountable for data breaches and non-compliance. Nevertheless, complying
with both HIPAA and HITECH is a time-consuming and complex process.
The advent of cloud computing technology has made HIPAA and HITECH compliance free from high-tech hardware
and software. Leaders in the industry sector have developed unified security monitoring and enterprise
compliance management software with encryption protection systems that work towards safeguarding
electronic health records within the policy framework. This cloud-based service, with a single
centralized repository for all compliance-related evidence, can be customized as per business
needs and can be integrated with external business associates and vendor management.