Information Technology Reference
In-Depth Information
According to Walt (2004), however, despite
the effort by the healthcare industry to meet the
requirements imposed by HIPAA, the outcome of
his study suggested that covered entities are still
struggling to meet these requirements in a timely
and cost effective manner.
Many factors may be affecting the level of
success of HIPAA Security Rule implementation.
The aim of the present study was to investigate
the readiness of healthcare institutions in Wash-
ington State and to uncover the main factors
that may be hindering the HIPAA Security Rule
implementation.
of expertise in security, and/or lack of HIPAA
security rule related expertise.
CONCEPTUAL/THEORETICAL
FRAMEWORK
This study adopted the HIPAA Dynamic Arrow
Framework (Figure 1), inspired from the HIPAA
Triangle Framework proposed by Fadlalla and
Wickramasinghe(2004) and Wild, K.R. (2009).
It is the most appropriate for this research study
because it positions the fundamental elements of
the HIPAA regulation, namely Privacy, Transac-
tion standards, and Security along the HIPAA's
evolving implementation process.
To maintain customers' privacy and confiden-
tiality, electronic healthcare transactions have to
meet a number of security criteria imposed by
HIPAA. “Some of these criteria affect how health-
care systems can be accessed as well as how the
key players may interact with these systems”
(Wickramasinghe & Goldberg, 2005, p. 6).
THE PROBLEM
Many studies concerning HIPAA security
regulations compliance concluded that the full
compliance of healthcare industry with the final
security requirements of the HIPAA regulations
by mandatory compliance was doubtful (Walt,
2004; Bravo, 2005).
The problem is whether the poor level of
compliancy (Jones 2001; Walt, 2004; Bravo,
2005) is due to lack of time or to other factors or
challenges. The impact of the HIPAA Security
Rule on a Healthcare institution's security plan-
ning and implementation was used as a proxy to
determine if covered entities are doing enough to
meet the security rule.
This research investigated the HIPAA security
rule compliance status of the healthcare institu-
tions in Washington State and the main factors
that may be a hindrance to the HIPAA security
rule implementation success.
A review of the relevant literature suggests
that the main issues are: ambiguity in the HIPAA
security rule, misunderstanding of HIPAA security
rule, lack of guidance, the absence of an official
certification process, lack of interest in compli-
ance, high cost, absence of effective leadership,
complexity of the rule's implementation, lack
QUANTITATIVE RESEARCH
QUESTIONS
HIPAA security rule has been mandated by Con-
gress and was supposed to have been in place by
the deadline of April 21, 2005. However, prelimi-
nary studies suggest that the HIPAA security rule
is far from fully implemented. The questions are,
is the mandated HIPAA security rule impacting
healthcare institutions behavior to be compliant
with the underlying requirements mandated by
congress in Washington State? is HIPAA secu-
rity rule met by covered entities in Washington
state? are all the factors identified in the related
literature (ambiguity in the HIPAA security rule,
misunderstanding of HIPAA security rule, lack
of guidance, the absence of an official certifica-
tion process, lack of interest in compliance, high
cost, absence of effective leadership, complexity
Search WWH ::




Custom Search