The Health Insurance Portability and Accountability Act (HIPAA) is aimed primarily at health-care providers, health plans and clearinghouses, but it affects just about every large organization (large, for this purpose, being an organization with more than 50 employees).
HIPAA is best known for its insurance provisions: keeping coverage in force when people change jobs and limiting pre-existing-condition exclusions. Less well known is that it also carries a set of regulations on controlling access to health-related records. These are the Privacy Rule and the Security Rule issued under HIPAA, and they reach many more organizations than is commonly expected.
If your company operates a pharmacy, as many grocery stores across the United States do, you must comply with HIPAA. If you sponsor a health plan for your employees, the plan is a covered entity and any plan data your organization handles falls under HIPAA as well. In practice, that means just about every organization needs not only to understand HIPAA but to comply with its security and privacy requirements for health-related information.
Two key requirements of HIPAA to be aware of:
HIPAA's Security Rule requires that every user be assigned a unique identifier and be authenticated before accessing electronic health information; the usual mechanisms are something the user knows (a password or PIN), something the user has (a token) or something the user is (biometrics). A shared or generic account cannot satisfy this requirement, because activity can no longer be tied to one person.
HIPAA requires the ability to record and examine activity in the systems that hold or transmit patient health information. This covers online access as well as electronic transfer of records.
In practical terms, you need to be able to control access and to report who had access to what and when. That covers documents, databases, applications and e-mail, and the record must include failed attempts as well as successful ones.
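The two requirements above are stated as outcomes. In an application they come down to three things: a unique identifier per user, an authorization decision before any record is returned, and an audit entry for every attempt, granted or denied, that can later answer "who touched this record, and when" and "what did this user touch". The following Python is an added example written for this page; it is not code from HIPAA or from any regulator's guidance. The role policy, the user identifiers and the patient record are constructed assumptions for the demonstration.

```python
"""Access control plus audit trail for patient records (added example).

Every user carries a unique identifier, every access is checked against a
role policy before a record is returned, and every attempt is appended to
an audit trail. The policy, users and record below are constructed for the
demonstration; they are not from HIPAA or any regulator's guidance.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed role policy: which actions each role may perform on a patient record.
POLICY: Dict[str, set] = {
    "physician": {"read", "update"},
    "nurse": {"read"},
    "billing": {"read_billing"},   # billing staff may not read clinical content
}


@dataclass(frozen=True)
class User:
    user_id: str   # unique per person; never a shared or generic account
    role: str


@dataclass(frozen=True)
class AuditEntry:
    timestamp: str   # ISO-8601 in UTC so entries from different hosts compare
    user_id: str
    record_id: str
    action: str
    outcome: str     # "granted" or "denied"
    reason: str


class PatientRecordStore:
    def __init__(self, records: Dict[str, dict]):
        self._records = records
        self._audit: List[AuditEntry] = []   # append-only; never edited in place

    def _log(self, user: User, record_id: str, action: str,
             outcome: str, reason: str) -> None:
        self._audit.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(),
            user.user_id, record_id, action, outcome, reason))

    def access(self, user: User, record_id: str, action: str) -> Optional[dict]:
        """Return a copy of the record if policy allows; log every attempt."""
        # Authorization is decided before the store is consulted, so a denied
        # caller learns nothing about whether the record exists.
        if action not in POLICY.get(user.role, set()):
            self._log(user, record_id, action, "denied", "role not permitted")
            return None
        if record_id not in self._records:
            # Still logged: a probe for non-existent records is worth seeing.
            self._log(user, record_id, action, "denied", "no such record")
            return None
        self._log(user, record_id, action, "granted", "policy match")
        return dict(self._records[record_id])

    # The two questions an auditor asks: who touched this record, and what did
    # this user touch. Both come straight from the trail.
    def who_accessed(self, record_id: str) -> List[AuditEntry]:
        return [e for e in self._audit if e.record_id == record_id]

    def accessed_by(self, user_id: str) -> List[AuditEntry]:
        return [e for e in self._audit if e.user_id == user_id]

    def audit_trail(self) -> List[AuditEntry]:
        return list(self._audit)


def demo() -> PatientRecordStore:
    """Run a constructed sequence of accesses and return the store."""
    store = PatientRecordStore({
        "P-1001": {"name": "Constructed Patient", "note": "sample clinical note"},
    })
    physician = User("u-4711", "physician")
    nurse = User("u-0930", "nurse")
    clerk = User("u-2204", "billing")
    store.access(physician, "P-1001", "update")   # granted
    store.access(nurse, "P-1001", "read")         # granted
    store.access(clerk, "P-1001", "read")         # denied: role not permitted
    store.access(nurse, "P-9999", "read")         # denied: no such record
    return store


if __name__ == "__main__":
    for entry in demo().audit_trail():
        print(entry)
```

The trail here lives in memory to keep the example self-contained; in a real deployment it would be written to storage that application users cannot modify and kept apart from the database holding the records themselves, so that an administrator who can edit patient data cannot also erase the evidence of having done so.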