Home page logo

isn logo Information Security News mailing list archives

RE: Navigating the HIPAA Hype
From: InfoSec News <isn () c4i org>
Date: Wed, 13 Jun 2001 22:32:32 -0500 (CDT)

Forwarded by: joel garmon <jgarmon () texas net>

I have a pretty good background in computer security and have been
dealing with HIPAA for almost 2 years now.  I agree that the security
portion is not rocket science and are things that we should be doing
now anyway.  The good thing about HIPAA is that I can say "Look, it is
not just me stating this, it is now the law." when I want to get
things done.

The real impact to organizations dealing with HIPAA is the privacy and
transactions rules -- and they ARE final.

joel garmon


June 11, 2001
By Greg Shipley 
When I started investigating the Health Insurance Portability and
Accountability Act (HIPAA), I was intrigued; HIPAA seemed to be one of
the first real steps in the right direction. But anyone who's worked
with the regulations will tell you: HIPAA has ruffled feathers. Its
scope will touch organizations both large and small, and a number of
deep-rooted problems will need fixing. Of course, if pain proves
profitable, you'll find businesses there to capitalize on it. Over the
past 12 months I've been bombarded by news releases rambling on about
HIPAA offerings: compliancy checks, audits, industry-expert
availability and a variety of other HIPAA-related services. Accounting
firms, consulting houses and other vendors are all looking to get a
piece of the chaos, uh, I mean, action ... and the foul stench of FUD
is in the air.

Although I welcome much of what HIPAA is attempting, there's one major
point the sales and marketing pimp squads continue to ignore: Many of
the proposed "standards" haven't been ratified yet. Of the seven
sections that comprise the "Administrative Simplification" portion
(which affects IT heavily), only two standards have achieved "final
rule" status. More comical is the lack of people who have read the
drafts -- many "experts" haven't even read word one.


ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]