Dr. Slater, I think what you've noticed is that the discussion about HIPAA has gone from external forums to internal implementation. Specifically, everyone is now going crazy implementing their systems and changing business processes to get compliant.
I have not seen much speculation as to what would happen if an outfit chooses to not comply with HIPAA. I believe in a worst case fines could be brought. Perhaps also a hospital's/clinic's JCAHO accreditation threatened. But the latter is just a guess. There has been quite a bit of discussion at HIMSS I understand about legal issues (civil suits) that might arise.

Having said that, I do think some organizations are adopting the buy-a-cheap-system-and-call-it-due-diligence approach, which IMHO is dubious.

Richard Schilling

---- Original message ----
>Date: Sat, 1 Mar 2003 10:23:04 -0500
>From: "Bruce Slater, MD" <[EMAIL PROTECTED]>
>Subject: Re: HIPAA watered down?
>To: <[EMAIL PROTECTED]>
>
>Is it my imagination, or has HIPAA progressed from a roaring lion-like formidable regulatory project likely to cost more than Y2K to a meowing kitten that can be finessed with minimal cost?
>
>If a practice completely ignored HIPAA, how much out of compliance would they be?
>
>(not that I am suggesting doing that, I think the original HIPAA had some good aspects)
>  ----- Original Message -----
>  From: david derauf
>  To: [EMAIL PROTECTED]
>  Sent: Friday, February 28, 2003 4:27 PM
>
>
>  Security rule omits encryption requirement
>
>  February 27, 2003
>
>  The final HIPAA data security rule does not require health care organizations to encrypt electronically transmitted health data, but orders them to determine on their own whether they should use encryption. The change is one of several intended to help organizations meet the final security regulations, Health Data Management reports.
>
>  Many providers, however, will choose to encrypt protected health information, especially data in payment transactions. To protect themselves from liability, providers may demand that payers and other financial institutions also encrypt personal health data, according to John Casillas, founder of The Medical Banking Project, a research group focused on the impact of information technology and HIPAA on the health care and financial sectors.
>
>  "Providers are the ones on the line and will want to make sure their data is protected throughout the entire banking system," Casillas said (2/26).
