The Role of HIPAA for IT Professionals
You may have heard of HIPAA—the Health Insurance Portability and Accountability Act—and wonder how this relates to the IT industry. To gain a better understanding, let’s first look at what HIPAA is and then examine how it may affect you.
The HIPAA legislation was put into place in 1996, but recently gained attention because of 2003 deadlines associated with the Act. The creation of the President’s Information Security Council and Homeland Security initiatives also elevated awareness around the importance of information security, of which HIPAA is one component.
HIPAA focuses on three areas of the health-care industry: administrative simplification, unique health identifiers, and privacy and security. While HIPAA is directed toward the health-care industry, IT puts these regulations into action. The greatest area of interest for IT professionals is the security provision.
HIPAA mandates that all patient information is secure, whether it is transmitted electronically or in written format. The IT divisions within health-care organizations need to make sure their systems and processes are in compliance with regulations. While HIPAA may mean a slight increase in the breadth of security positions in the health-care industry, it also means an increase in the level of security among the already-existing IT departments and personnel. The businesses affected by this legislation are not just health-care providers, but also vendors and suppliers of health-care organizations.
Within IT there are two key groups of personnel that HIPAA security touches: network administrators and IT managers. Network administrators need to know how to secure the network and the existing infrastructure, monitor the firewall and protect the network from intrusion. The knowledge necessary to accomplish these tasks can be attained through general information security training. Additional targeted HIPAA training can help provide knowledge of the legislation and the technical regulations.
IT managers need a more thorough understanding of how HIPAA affects their teams and existing infrastructure and systems. Aside from security knowledge, the IT manager needs to determine what is required to be compliant and how to implement the proper solution. Additionally, IT managers need to be familiar with the deadlines associated with HIPAA.
Even though it has been seven years since the creation of the law, the practices are just beginning to be put into action. On Aug. 12, 1998, the proposed rule for Security and Electronic Signature Standards was published for comment. With the Final Security Rule to be published in 2003, covered entities need to begin looking at their IT infrastructure to identify areas where additional security training will be required in anticipation of the final rule.
- If you are in IT in the health-care field, you need to look at whether you and your overall team are thoroughly trained in information security.
- If you are an IT manager in the health-care field, you need to evaluate how HIPAA affects your staff.
- If you are not in the health-care industry, information security is still something you should consider pursuing, as its demand in other industries is becoming just as prevalent.
Since deadlines drive action, the demand for training is now increasing. If you are interested in learning more about HIPAA, you can turn to a few different sources. The HIPAA Academy provides a comprehensive HIPAA solution, which can include consulting services, risk assessment and training through its network of certified and exclusive training partners across the United States.
HIPAA Academy partners offer information security and HIPAA training for all levels of personnel, through multiple methods of delivery, including instructor-led and e-learning. A certification program has been developed by the HIPAA Academy and is offered through Prometric. The certifications include the Certified HIPAA Administrator (CHA), Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS). Non-certification training is also available and includes courses such as HIPAA Awareness Training, HIPAA Executive Overview, HIPAA Privacy for Beginners and Introduction to HIPAA Security. You can find out more about the HIPAA Academy and the role of HIPAA in IT at www.hipaaacademy.net.
Martin Bean is the chief operating officer of New Horizons Computer Learning Centers Inc., the world’s largest computer training company.