HIPAA security and Lotus Notes Domino

Back in June 2003, I wrote a series of articles about the federal HIPAA healthcare law and its effect on computer security. I explained the overall facts about this wide-ranging law, the changes it would mandate for many computer systems and detailed how Domino/Notes might be configured for those changes. I was proud of myself for being ahead of the curve, since the deadline for these changes was not until April 2005. I thought the summer of '03 was the perfect time to begin HIPAA security projects, with the implementation date about two years away. I began to offer a consulting service to advise clients about the HIPAA security regulations and help them meet the requirements.

The reaction to my articles was silence. No one applauded me for letting him or her know about the upcoming changes in such a timely manner. No one called to hire me for a HIPAA security audit. Even some of my ongoing Notes/Domino customers in the healthcare business did not seem interested in these HIPAA rules. So, I thought, "Oh well, nice try. I'm still making a good living with my other consulting work. No harm, no foul."

Then December '04 arrived. Data security and compliance officers in the healthcare world took a look at their projects for the next year and saw the looming HIPAA security deadline. I began to receive a lot of phone calls and e-mail about a topic I had more or less forgotten about. I now have a healthy business outlook for HIPAA projects.

In retrospect, I was unrealistic initially. The general HIPAA law calls for four or five large changes to healthcare practice in the U.S., and computer security is just one of those changes. Also, all the other parts of the law had earlier deadlines, which were occupying everyone's attention. With those deadlines past, compliance officers were able to look at the next piece of the puzzle.

So, here is my advice for the New Year… If your organization is involved with the healthcare business in any way -- including billing, data storage, consulting and software development -- now is really the time to get moving. The deadline for implementation of the HIPAA security rules is April 20 this year.

Here are the articles I wrote about HIPAA, which still apply:

• HIPAA overview
• HIPAA computer security
• HIPAA computer security and Domino/Notes

And, some other useful links:

• A HIPAA talk I gave, which summarizes the information in the articles.
• A HIPAA security audit checklist, as a Notes database application.
• A FAQ about HIPAA from the government Web site. Enter Category = HIPAA, Subcategory = All, Topic = All, Search Text = Security.

Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes. Chuck also offers HIPAA computer security consulting via HipaaSecurityExperts.com.

Do you have comments on this tip? Let us know.

Please let others know how useful it is via the rating scale below. Do you have a useful Notes/Domino tip or code to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Spam and Security Securely connect Lotus Domino servers on different domains Protect Lotus Notes from malicious code with the Domino ECL How to correct Lotus Notes public key mismatches in four easy steps A recipe for secure IM success Telecommuter security kit Spear phishing: Don't be a target FAQ: Lotus Notes Domino password issues Security awareness training: How to educate employees about spyware Seven tips to strengthen your Domino e-mail security Admin2005 preview: Tips, techniques, and a look at Notes/Domino Rel. 7 Lotus Notes Domino Security How to correct Lotus Notes public key mismatches in four easy steps Cracked users' HTTP passwords still a threat on many Lotus Notes R6 and R7 domains Top 10 Notes/Domino administration tips of 2006 Unsecured devices worry IT professionals Online crime as ugly as ever McAfee sued for patent infringement Mobile security starts with policy Antivirus researcher Gullotto leaves Symantec for Microsoft Symantec: Searching for a strategy? Symantec says enterprises failing to secure instant messaging Lotus Notes Domino Email Compliance IT governance in an IBM Lotus software environment E-discovery rules double-edged sword for CIOs IM, blogs next target for litigation Symantec peddles enterprise vault tool Compliance software essentials: Build a technology toolbox School district hooks up affordable compliance archive Top 10 best practices for e-mail archiving Email archiving and compliance considerations Study: SOX-compliant firms see drop in costs in year 2 Top 10 best practices for e-mail archiving RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.