From Regulations to Practice: Achieving Information Security Compliance in Healthcare

  • Subrata Acharya
  • Brian Coats
  • Arpit Saluja
  • Dale Fuller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

Access to healthcare is not a new issue, but only in the last few years has it gained significant traction, with the federal government passing a number of laws to greatly enhance the exchange of medical information between all relevant parties: patients, providers, and payers. This research focuses specifically on these issues by examining industry compliance with the Health Insurance Portability and Accountability Act (HIPAA), electronic health record (EHR) adoption, and the federal Meaningful Use program, all from the healthcare provider’s perspective. While many plans have been made, guidelines created, and national strategies forged, there are significant gaps in how actual technology will be applied to achieve these goals. The goal of this research is to bridge the gap from regulation to practice in a number of key technological areas of healthcare information security. Using standardized frameworks, this research proposes how accessibility, efficiency, and integrity in healthcare information security can be improved.

Keywords

Meaningful Use HIPAA Compliance Assessment 

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Subrata Acharya (1)
  • Brian Coats (1)
  • Arpit Saluja (2)
  • Dale Fuller (3)

  1. Computer and Information Sciences, Towson University, Towson, USA
  2. CIMS, Johns Hopkins Medical Institute, Baltimore, USA
  3. University of Pittsburgh Medical Center Altoona, Altoona, USA