• E-mail
• Print
• RSS

How do you convince management that Security Rule compliance is important?

HIM-HIPAA Insider, March 22, 2004

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: Is there a way to convince management that Security Rule compliance is just as important, if not more so, than Privacy and Transactions and Code Sets compliance?

A: As everyone is hearing more and more about hackers, viruses, and loss
of confidential information in the media, information security is finally
reaching the radar screens of lots of managers.  Also, many managers are
seeing that protecting the information that the organization couldn't
survive without, is the logical thing to do and an all-around good way of
running a business.

In addition to these general statements, there are two main HIPAA-related
points you can make: 1) It's common knowledge, yet often overlooked, that it's technically impossible to achieve Privacy Rule compliance without
implementing many of the security measures outlined in the Security Rule,
and 2) With all the time, effort, and money that has been and will be
spent on Privacy and Transactions and Code Sets Rule compliance, why throw it all away by not properly securing PHI where it's most vulnerable?
Besides, the Security Rule is one of the three major parts of HIPAA
administrative simplification.

If you receive pushback or other concerns, simply treat those as requests
for more information.  You don't want to bug them or overwhelm them, but
you can certainly run some security tests or find some of the answers
they're looking for and return with that information in hand.  Remember,
with information security, knowledge is power (for you) and education is
key (for your upper managers).

Editor's note: Answered by Kevin Beaver, CISSP, a consultant with
Kennesaw, GA-based Principle Logic, LLC. This is not legal advice. Be sure to
consult with your facility's legal counsel for legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive