How to get management to accept HIPAA compliance

My company is slow to accept that HIPAA compliance will require significant spending on items from infrastructure through capital items and possibly personnel. How can I help them step up?

Start with an assessment of the regulatory and business requirements, and then propose spending for items that will enable the company to meet those needs.

Be sure to assess your company's compliance with new record keeping and data retention requirements under the HIPAA Privacy Rule. Covered entities (CEs) -- including healthcare providers and health insurance carriers -- must keep records of all disclosures of protected health information (PHI) for six years, so the CE can respond to a patient's request for the record of such disclosures. This may require new infrastructure capabilities for logging and indexing all requests for patient information, and their handling and disposition -- and for generating a report in response to a patient's request.

Also, assess the impact of the HIPAA Security Rule that requires CEs to safeguard the confidentiality and integrity of PHI in electronic records during transmission and storage. The compliance deadline for large companies is April 2005 for the Security Rule, but companies should plan to complete their assessments and implement their infrastructure solutions by the end of 2004. Allow time for validation testing, staff training and compliance audits -- before the compliance deadline.

If your assessment shows that you need new infrastructure to implement the appropriate technical safeguards, it will take some time to get the new infrastructure defined and installed. So the time to start is now!



This was first published in December 2003