(To learn more about HIPAA, see “The HIPAA Privacy Rule: Answers to Frequently Asked Questions,” FPM, November/December 2002, page 35 and the box on page 30.) Organizations considered covered entities under HIPAA are mandated to inform patients of the new privacy rights and their privacy policies and procedures (to determine whether you’re a covered entity, go to ). To comply, you’ll need to develop a Notice of Privacy Practices and provide it to your patients at the first office visit after April 14, 2003 (or earlier, if you have it ready).
Speaking at the 2012 Boston Privacy and Security Forum, Lisa Gallagher, senior director of privacy and security for HIMSS, said that somewhere between 40 million and 45 million patient records have actually been compromised. The number can't be confirmed, as the data isn't all there, she adds, but it's a more accurate number based on healthcare organizations' reporting.
HIPAA also requires you to obtain patients’ written acknowledgement that notice has been received and file the acknowledgement in the patient record. A patient’s refusal to sign the acknowledgement should be documented and filed in the patient record.
This includes establishing standards for investigating a data breach and providing requirements for notifying regulators and consumers. The NAIC has already developed a Roadmap for Cybersecurity Consumer Protections and Principles for Effective Cybersecurity: Insurance Regulation Guidance.
HIPAA legislation grants patients several new rights, among them greater access to and control over their medical records.
Theft accounted for 83 percent of all large HIPAA privacy and security breaches, according to Redspin, which calculated its numbers using HHS data.
Some 22 percent of breaches since 2009 were due to unauthorized access, and theft or loss of encrypted devices or computers accounted for 35 percent of all breaches; hacking accounted for 6 percent.
Therefore, document everything and make it part of a security manual.
If you need a simple answer to the question, “Why is computer security necessary and important?