written contracts or other arrangements with business associates to ensure private data protections after the HIPAA security rule mandated deadline. In 2007, 24% also joined the compliant group when it comes to this requirement. The aim of these requirements is to ensure administratively the security and privacy of ePHI and the systems that it resides on. However, physical safeguards should not be overlooked.
Physical Safeguards' Data Analysis
The HIPAA security rule instituted many physical safeguards aimed at protecting ePHI and the equipment that it is stored on or accessed from. Data from this investigation revealed that 72.9% of healthcare organizations from the sample implemented procedures that allow facility access in support of restoration of lost data in the event of an emergency. Only 13.5% did so before April 2005. All participants reported they implemented policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. Data shows that as of 2007, 87.5% of healthcare organizations that participated in this research study implemented procedures to control and validate personnel access; most of them (51.1%) around the mandated date and after.
Policies and procedures for documentation of repairs and modifications of the physical components were adopted mostly (61.5%) around the mandated date of the HIPAA security rule. Policies and procedures regarding workstation use were widely implemented; 81.3% reported they are in compliance with this requirement. Also, 80.2% reported that their healthcare organizations implemented physical safeguards for all workstations that access electronic protected health information, restricting access to authorized users; about half (39.6%) implemented this requirement between April and December 2005. Data shows a direct impact of the HIPAA security rule on the healthcare institutions' security behavior. Data indicated that most of the healthcare organizations (39.6% from 72.9%) implemented policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it was stored, first in 2006. Similarly, most of the respondents in compliance with this requirement (37.5%) reported that their organizations implemented procedures for removal of ePHI from electronic media before the media are made available for re-use in 2006. Data indicated that the requirement for procedures to track and record hardware, electronic media, and personnel movements was implemented mostly (39.6% from 77.1%) in 2006; however, 29.2% implemented this requirement within and before 2005. Healthcare organizations in this sample performed poorly (72.9%) and were not yet compliant with the requirement to create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.
Physical safeguards required by the HIPAA security rule were aimed at securing the premises where ePHI data is stored and the systems that store it. Communication using networks, the Internet, e-mail, other digital means, and remote access are required features to exchange information between healthcare organizations. Data transferred through these means has to be protected. Technical safeguards required by the HIPAA security rule emerged from such needs.
Technical Safeguards' Data Analysis
The majority (70.8%) of healthcare organizations that reported to be compliant (96.9%) adopted this basic security requirement, which is assigning a unique name and/or number for identifying and tracking user identity, before April 2005. This researcher believes that this requirement is basic to