Abstract
Access to healthcare is not a new issue, but only in the last few years has it gained significant traction, with the federal government passing a number of laws to greatly enhance the exchange of medical information between all relevant parties: patients, providers, and payers. This research focuses specifically on these issues by examining industry compliance with the Health Insurance Portability and Accountability Act, electronic health record adoption, and the federal Meaningful Use program, all from the healthcare provider's perspective. While many plans have been made, guidelines created, and national strategies forged, there are significant gaps in how actual technology will be applied to achieve these goals. The goal of this research is to bridge the gap from regulation to practice in a number of key technological areas of healthcare information security. Using standardized frameworks, this research proposes how accessibility, efficiency, and integrity in healthcare information security can be improved.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Acharya, S., Coats, B., Saluja, A., Fuller, D. (2014). From Regulations to Practice: Achieving Information Security Compliance in Healthcare. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_19
DOI: https://doi.org/10.1007/978-3-319-07620-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1