Explain the security implications of HIPPA requirements for

Explain the security implications of HIPPA requirements for hospital networks.

your responce should be 300 words

Solution

HIPAA stands for Health Insurance Portability and Accountability Act.

Passed in 1996 HIPAA is a federal law that sets a national standard to protect medical records and other personal health information. The rule defines \"protected health information\" as health information that:
1. Identifies an individual and
2. Is maintained or exchanged electronically or in hard copy.
If the information has any components that could be used to identify a person, it would be protected. The protection would stay with the information as long as the information is in the hands of a covered entity or a business associate.

HIPAA Security Rules
The portion of the HIPAA law that most impacts technology interests is the section on Administrative Simplification (Title II, Subtitle F). Administrative Simplification seeks to force uniform standards in the electronic interchange of health information (through the Transaction Rule) and also mandates guidelines for the security (Security rules) and privacy (Privacy rules) of that information whether in transit or stored. The HIPAA Security regulations apply to that protected health information that is electronically maintained or used in an electronic transmission1
. Administrative Simplification is divided in to Transaction, Security and Privacy Rules.
The HIPAA Security rules are divided into four sections:
· Administrative Safeguards
· Physical Safeguards

· Security Services
· Security Mechanisms
Administrative safeguards deal with those administrative policies, procedures and practices that are used by a covered entity to handle protected health information. These generally take the form of written policies and procedures that are practiced in normal day-to-day operations. Physical safeguards deal with physical access to data and facilities within that contain protected health information. Security services and security mechanisms specifically address technical systems, networks and applications that possess or transmit protected
health information.
The HIPAA Security rules mandate that if healthcare information (also referred to in the HIPAA text as protected health information) is stored or processed electronically, then the security rule applies to that covered entity. This would seem to exempt pure paper-based operations from the Security rules, but even
these organizations likely use fax technology, which is covered by the HIPAA security rule. Accordingly, there are very few healthcare organizations that will escape the grasp of the HIPAA regulations as very few are entirely paper-based.
HIPAA Security rules essentially resemble a collection of the recommended best practices for security management and operations. For this reason, if the healthcare organization has already adopted sound security practices, the HIPAA-compliance effort should be minimal. Given that Security is not a prime concern for many healthcare organizations, especially smaller organizations, the cost and effort to become HIPAA compliant will be staggering. The U.S. Government has placed the cost of the HIPAA compliance effort at $5.8 billion,
but industry analysts believe that this figure is low and the cost may be closer to
$25 billion.2
According to Fitch IBCA, most of the costs associated with HIPAA will be in modifying existing information technology systems or purchasing new ones, hiring and retraining staff, and changing existing processes for maintaining patient privacy. Interestingly enough, HIPAA is technology –neutral in that it does not mandate any specific technology from any vendor. It specifies the policies, procedures, services and mechanisms that must be in place and leaves the underlying technology choices to the individual organization.
HIPAA places heavy emphasis on the creation and documentation of policies and procedures. It will not be enough under HIPAA law to simply have an ad-hoc or commonly used process in place to address HIPAA-compliance; the process (including the supporting policy and procedures) must be fully documented to adequately meet most HIPAA regulations. In this regard, HIPAA is in effect
legislating security best practices into the healthcare industry.