some extent within the framework of IT security and was met widely before the HIPAA security rule. Establishing procedures for obtaining necessary electronic protected health information during an emergency is required by the HIPAA security rule; 68.8% of the sample reported that they are in compliance, and 53% of them reported being in compliance around the mandated date. Implementing procedures that terminate an electronic session after a predetermined time of inactivity is a basic security feature that the HIPAA security rule required. Ninety-four percent reported being in compliance before 2005; however, this researcher believes that this response may be associated with the fact that most software manufacturers adopt this feature by default. Healthcare organizations that participated in this study failed miserably when it came to encrypting and decrypting ePHI as required by the HIPAA security rule. Only 13.5% implemented a mechanism to encrypt and decrypt ePHI. Data indicated that most of the compliant healthcare organizations implemented hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI between April and December 2005 and 2006. Ensuring that ePHI is not altered or destroyed in an unauthorized manner is a requirement imposed by the HIPAA security rule; however, as of 2007, only 47.9% of the participating healthcare organizations reported being compliant with this requirement. Data revealed that most of the respondents' organizations (89.6%) were compliant. However, about 64.6% of them implemented procedures to verify the identity of a person or entity seeking access to ePHI between April and December 2005 and 2006. Between April and December 2005 and 2006, 53.1% of healthcare organizations participating in this study implemented security measures to ensure that electronically transmitted health information is protected against unauthorized modification until disposal. A total of 70.8% of the participants reported meeting this requirement.
Main Factors' Data Analysis
According to the data collected from this study, High Cost, Complexity of the Rule's Implementation, Lack of Expertise in Security, Lack of Expertise in the HIPAA Security Rule, and Lack of Guidance emerged as the most impeding factors for the HIPAA security rule compliance process.
DISCUSSION
The analysis of the data collected from the three parts of the instrument suggested that healthcare organizations' performance differs from one requirement to another. For some requirements, the response was very strong across the board. However, the response was weak for other requirements.
Tracking the time when healthcare organizations reacted to the HIPAA security rule permitted this researcher to state with confidence that without the HIPAA security rule and its mandated date, it is less likely that healthcare organizations would have performed the way they did towards securing ePHI. Therefore, the answer to the first question of this study.
Data analysis of the last question about HIPAA security rule preparedness indicates that the 64.6% of respondents who answered “agree” or “strongly agree” believe their healthcare institutions are in compliance with the security rule. Data synthesis of the three main parts of the instrument suggests the same outcome and results (Analysis by section). Therefore, the answer to the second question of this study, which suggests that none of the covered entities met all the HIPAA security rule requirements. This researcher believes that the HIPAA security rule is far from being achieved. Progress in the HIPAA security rule implementation process was made in the last couple of years. However, this progress is slowing down according to the number of implementations in recent years.