CHAPTER 71

MEDICAL RECORDS PROTECTION

Paul J. Brusil

71.1 INTRODUCTION

71.2 INFORMATION AND INFORMATION TECHNOLOGY IN HEALTHCARE

71.2.1 Medical Record Information Is Key to Healthcare

71.2.2 Role of IT in Healthcare

71.3 INFORMATION PRIVACY AND SECURITY ARE IMPORTANT IN HEALTHCARE

71.3.1 Increasing Healthcare Information Technology Risks and Vulnerabilities

71.3.2 Healthcare Information Privacy and Security Needs and Challenges

71.3.3 Core Privacy and Security Model in Healthcare

71.4 NONMEDICAL DRIVERS FOR HEALTHCARE INFORMATION PROTECTION

71.4.1 Political Pressure

71.4.2 Public Pressure and Media Pressure

71.4.3 Patient Expectations

71.5 UNITED STATES LAWS AND GOVERNMENT POLICIES

71.5.1 Federal Laws

71.5.2 State Privacy and Security Laws

71.5.3 Government Policies

71.5.4 Emerging Legislation

71.6 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

71.6.1 HIPAA Administrative Simplification Overview

71.6.2 Privacy and Security Strategy

71.6.3 Privacy Regulations

71.6.4 Security Regulations

71.6.5 Enforcement, Penalties, and Liabilities

71.6.6 Realities in Fielding HIPAA Information Protection Regulations

71.7 SUMMARY

71.8 FURTHER READING

71.9 NOTES

71.1 INTRODUCTION.

U.S. regulatory compliance forces increased attention on information protection. Regulations such as SOX 404 (Sarbanes-Oxley), FISMA (Federal Information System Management Act), GLB (Gramm-Leach-Bliley), HIPAA (Health Insurance Portability and Accountability Act), and others are establishing floors of due diligence ...
