Strategy: HIPAA Security
Security via HIPAA Compliance
If you work in healthcare, you’ve probably been struggling to meet the requirements of the HIPAA Security Rule for quite a while now. Recent changes as a result of HITECH—the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009 to promote the adoption and meaningful use of health IT—have likely added more challenges. For security professionals charged with translating the Security Rule into actionable technical controls, the situation is particularly intense. In this report we address current best practices for achieving HIPAA compliance, outline how these practices affect the overall security effort within the enterprise, and examine key reasons companies remain out of compliance with HIPAA and HITECH requirements. We also explore how security pros can leverage the HIPAA Security Rule and HITECH to improve their companies’ overall security.