We are currently witnessing the most expansive digitization of health care in history (Professor Jonathan Weiner, Johns Hopkins School of Public Health, September 26, 2014; Graham, M.B., Thomas Jefferson School of Population Health Capstone Proposal, July 2016). The national push to digitize comes with new regulatory standards for securing data and increased enforcement of the standards. The federal government is the main enforcement body for data security standards in health care. But the one thing we learned in the last year is that no system is secure—even our federal government systems are vulnerable to attack. Besides the splashy hack of the Democratic National Convention servers in 2016, the U.S. military computer system was hacked in 2008 through an infected flash drive. Just last month, Oregon Sen. Ron Wyden issued an open letter stating that Senate email accounts lack the option to enable dual factor authentication—one of the most basic cybersecurity measures that exists. So how should a health care entity, operating in one of the most cyberattacked industries, approach compliance in this kind of environment?
In 1996, HIPAA standardized electronic transactions in the health care sector and regulated the use of health data. HIPAA regulated the privacy and security of health data that constituted protected health information (PHI). The privacy rule protects PHI from unauthorized disclosure, including oral, paper based and digital. The security rule, which only applies to electronic PHI, requires specific safeguards.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]