HITECH Ratchets Up HIPAA Accountability
John I. Winn
Kevin H. Govern
Ave Maria School of Law; California University of Pennsylvania; John Jay College
January 11, 2010
Modern Medicine, January 2010
In the current risk climate, the loss of confidential patient data to unauthorized third parties presents a daunting challenge for healthcare professionals. In this context, the introduction of large networks of computerized health information has caused the number of individuals with access to patient medical records to expand exponentially.
Physicians make widespread use of laptops, home-computer links, smart phones, smart cards, USB flash drives and PDAs. E-prescribing systems link physicians and others directly to pharmacies. A contemporary physician's Blackberry typically contains far more patient information than the locked filing cabinets of previous years. Unfortunately, all of this healthcare data — ranging from medical diagnosis and treatment codes, to names, addresses, birthdates, social security numbers, bank and credit card accounts — has enormous value to identity thieves who exploit open networks and Wi-Fi systems.
Within the context of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 all "covered entities" that collect private health information must comply with specific administrative, technical and physical security standards and procedures for "electronic protected health information."
Number of Pages in PDF File: 3
Keywords: Health Insurance Portability and Accountability Act (HIPAA) of 1996, HIPAA, Health Information Technology for Economic and Clinical Health Act, HITECH, medical administration, confidential data, healthcare, identity theft, cyber risk, data compromise
JEL Classification: I10, I11, I12, I18, I19, K10, K20, K42, M12, M14
Date posted: August 12, 2012