Healthcare organizations and their business partners are facing compliance trauma from every aspect of the business. Security and privacy regulations have been in place since 1996 within the United States with HIPAA, but for the first decade of its existence HIPAA had no teeth. Today, healthcare organizations face increased liability, fines, as well as audits to demonstrate that protected health information (PHI) is adequately secured. Healthcare organizations are also being forced into a state of compliance-critical condition by the HITECH Act and a host of other regulations.
Approaching IT security and compliance in healthcare is not a simple task - there are a variety of approaches, some add overhead and encumber an organization, while others enable operational efficiencies to be achieved along with improved security of PHI.
This paper highlights six critical elements healthcare organizations should consider to achieve economies in IT security and compliance.