HIPAA Security Redux

A re-evaluation process and recommended areas to review

CHICAGO, November 6, 2007 — Programs resulting from the HIPAA security rule are due for a close examination, according to an article in the November/December issue of the Journal of AHIMA. Since most programs were implemented in the past two years, organizations are beginning to evaluate the subject areas and standards of their compliance plans.

Electronic protected health information (PHI) and the supporting compliance plans are affected by environmental and operational forces, including changes in legislative requirements, institution ownership, and health information system. These changes can compromise the quality of security standards and create the need for evaluation. The HIPAA security rule requires compulsory performance measurements of the compliance program to ensure the plans keep pace with changes and developments in the field.

The Journal article describes three essential components of an evaluation: risk analysis and management; assigned security responsibility; and response and reporting. Also provided is a comprehensive evaluation outline to aid healthcare professionals in developing their own assessment measures unique to the needs of their institutions.

Read the complete article in the November/December issue of the Journal of AHIMA or online at www.ahima.org.

About AHIMA

AHIMA is the leading professional Association representing more than 51,000 specially educated and certified health information management professionals working throughout the healthcare industry.  HIM professionals serve healthcare and the public by managing, analyzing, and utilizing data vital for health system management.