Monday, May 17, 2010

Much said lately about Security/Privacy, but really nothing new

There was lots of healthcare related privacy and security news last week, but ultimately not much new was said.
All have the same theme. There is now a forcing function in OCR and their Breach Notification web site. It is time to dust off the Risk Assessment tools, Document what you do, and do what you document. To emphasize this, OCR released today Security Rule Draft Guidance
The Office for Civil Rights (OCR) is responsible for issuing periodic guidance on the provisions in the HIPAA Security Rule. (45 C.F.R. §§ 164.302 – 318.)  This series of guidance documents will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials will be updated annually, as appropriate.
Yes, nothing new… Well, what is new is a market place realization that they just might need to take security and privacy seriously.