With the growing reliance on information technology in the healthcare industry, the security and privacy of medical records have become a government-regulated requirement. Technology innovation has delivered significant advances in electronic health records (EHR) technology, enabled broad collaboration in diagnosis and research, and streamlined administrative processes such as integrated billing systems.
The U.S. Health and Human Services (HHS) Office for Civil Rights (OCR) recently reported that nearly 8.3 million individuals were impacted by 249 privacy and security breaches between September 2009 and March 2011. This highlights the importance of having proper IT security procedures and practices in place to ensure that the confidentiality and security of patient information are preserved when it is transferred, received, handled, stored, or shared. To address the growing need for privacy of medical information, the Health Insurance Portability and Accountability Act (HIPAA), established in 1996, defines the requirements for appropriate use and safeguarding of Electronic Protected Health Information (ePHI). The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the 2009 American Recovery and Reinvestment Act (ARRA), updates the HIPAA standards to further strengthen the privacy and security of health information and adds specific requirements for breach response and notification. In today’s sophisticated IT environment, traditional security controls are no longer enough to protect critical infrastructure, applications, and data.