Back in June 2003, I wrote a series of articles about the federal HIPAA healthcare law and its effect on computer security. I explained the overall facts about this wide-ranging law, the changes it would mandate for many computer systems and detailed how Domino/Notes might be configured for those changes. I was proud of myself for being ahead of the curve, since the deadline for these changes was not until April 2005. I thought the summer of '03 was the perfect time to begin HIPAA security projects, with the implementation date about two years away. I began to offer a consulting service to advise clients about the HIPAA security regulations and help them meet the requirements.
The reaction to my articles was silence. No one applauded me for letting him or her know about the upcoming changes in such a timely manner. No one called to hire me for a HIPAA security audit. Even some of my ongoing Notes/Domino customers in the healthcare business did not seem interested in these HIPAA rules. So, I thought, "Oh well, nice try. I'm still making a good living with my other consulting work. No harm, no foul."
Then December '04 arrived. Data security and compliance officers in the healthcare world took a look at their projects for the next year and saw the looming HIPAA security deadline. I began to receive a lot of phone calls and e-mail about a topic I had more or less forgotten about. I now have a healthy business outlook for HIPAA projects.
In retrospect, I was unrealistic initially. The general HIPAA law calls for four or five large changes to healthcare practice in the U.S., and computer security is just one of those changes. Also, all the other parts of the law had earlier deadlines, which were occupying everyone's attention. With those deadlines past, compliance officers were able to look at the next piece of the puzzle.
So, here is my advice for the New Year… If your organization is involved with the healthcare business in any way -- including billing, data storage, consulting and software development -- now is really the time to get moving. The deadline for implementation of the HIPAA security rules is April 20 this year.
Here are the articles I wrote about HIPAA, which still apply:
And, some other useful links:
- A HIPAA talk I gave, which summarizes the information in the articles.
- A HIPAA security audit checklist, as a Notes database application.
- A FAQ about HIPAA from the government Web site. Enter Category = HIPAA, Subcategory = All, Topic = All, Search Text = Security.
Do you have comments on this tip? Let us know.
Please let others know how useful it is via the rating scale below. Do you have a useful Notes/Domino tip or code to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.
This was first published in January 2005