You've left out HIPAA (or the Health Insurance Portability and Accountability Act of 1996), which is a lasting tribute to "Billy" (JoeRayBob) Clinton. One of the more convoluted pieces of government work produced in recent years, was held back due to inconsistencies within the documentation.

What will affect thousands of clinics, small healthcare institutions and organizations, is the *required* compliance to the Privacy Standards section by April 14, 2003. For more info about the Privacy Standards, go to this web site: http://aspe.hhs.gov/admnsimp/bannerps.htm or here: http://www.hhs.gov/ocr/hipaa/.

In a nutshell, this provision relates to privacy issues, and the disclosure (or in this case, the lack of disclosure) of information to patients and other healthcare organizations.

Some organizations won't be required to be compliant until next year (2004); however, this is the beginning of a series of steps of compliancy to provisions that are *required* by our federal government. And NEXT year (2004) will hold other surprises, esp. when the Security Standards will be required.

And here's the best part -- non-compliancy to HIPAA -- if found to be in violation -- carries stiff penalities, fines and imprisonment -- for everyone that uses, processes, distributes, and relays ANY patient information in their processes, records tracking systems, documents, etc.

This is not something that should be overlooked nor viewed lightly. I think that you should consider reviewing the impacts of what would happen if healthcare institutions DO NOT implement the *required* compliancy to HIPAA starting with this year.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/135/17811#17811