Health care payers and providers have two weeks until security rules protecting electronic health information kick in. Accordingly, trade and government groups have released an array of tools to help them make sure they are complying with the law.
The deadline of April 20 is set by HIPAA (Health Insurance Portability and Accountability Act) and covers all but the smallest of health plans.
Although some small payers and providers are still scrambling to meet the deadline, most are well on their way to compliance, if not already there, said Chris Noell, vice president of business development at Solutionary Inc., which helps companies manage their security needs. “There hasn’t been a last-minute rush; we were seeing as much demand six months ago as we are today,” he said.
As companies move from implementing security policies to maintaining them, Noell advised firms to consider regulations like HIPAA, PCI (credit card security policies) and the Sarbanes-Oxley Act collectively rather than separately. “Doing these as one-offs is incredibly expensive,” he said.
In general, health care payers and providers tend to focus on specific details while neglecting the big picture. For example, it’s common for firms to over-invest in firewalls and anti-virus tools but lack a policy on what to do and whom to notify if something goes wrong.
For entities still worried about the specific requirements two weeks away, the following might help: