Report examines HIPAA security preparedness challenges (5/03/04)
URAC, a health care accreditation organization, on Wednesday released a report examining the preparedness of a sample of health care organizations for the Health Insurance Portability and Accountability Act's security rule, which takes effect on April 21, 2005.
The report says key challenges encountered by the health care organizations studied include incomplete or inappropriately scoped risk analysis efforts; incomplete or poorly executed risk management strategies; limited or faulty review of information system activity; and ineffective security incident reporting and response. The report recommends health care organizations begin preparing for the rule now, adding that most security risk management programs can take up to a year to fully implement.
Lawrence Hughes, AHA regulatory counsel and director of member relations, said the AHA is working with strategic partners Ernst & Young and Computer Associates to provide hospitals with additional resources to help jump-start their security efforts.
Click HERE for more information on AHA HIPAA resources.
The New Hampshire & Vermont Strategic HIPAA Implementation Plan