Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News Feature
HIPAA Security Rule Compliance Checklist
July 01, 2003 — CIO — Publication of the long-awaited HIPAA FINAL Security Rule in February didn’t exactly create the frenzy of a new Harry Potter novel hitting the bookshelves. Health-care CIOs were, after all, busy worrying about complying with the April 14, 2003, deadline for the Privacy Rule—and then there is the October 2003 deadline for HIPAA Transaction and Code Standards to contend with. It would be easy for companies to put the Security Rule lower on the priority list since the government’s compliance deadline is still two years away. Yet while it’s tempting to ration the number of brain cells devoted to HIPAA (the Health Insurance Portability and Accountability Act of 1996), health-care CIOs can’t afford to put security on the back burner for long—if at all.
"It’s true that from the perspective of the Department of Health and Human Services, the Security Rule is not enforceable until April 21, 2005. But HHS could impose penalties for security breaches based on the Privacy Rule, so by any other measure, you should’ve done it yesterday," says Kate Borten, president of health-care security and privacy consultancy The Marblehead Group and author of HIPAA Security Made Simple. "Don’t get lulled into thinking you have a couple of years."
While HIPAA fines won’t likely be levied for any security breaches that occur before 2005, should your organization suffer a breach tomorrow you can expect to find yourself on the front page of The New York Times or the target of a class-action lawsuit on behalf of patients whose data was exposed. And either of those things could make HIPAA penalties seem as harmless as drawing the "Go to jail" card in a Monopoly game.
Yet so far, less than 10 percent of health-care organizations recently polled by Gartner Research have implemented the security policies and procedures required by HIPAA. And only 78 percent of health-care providers met the April deadline for Privacy Rule compliance, according to the Health Information and Management Systems Society. Many organizations are waiting to see what will happen to noncompliers. "They figure the fines are cheaper than going into HIPAA compliance," says Wes Rishel, vice president and research area director at Gartner. "That’s a dangerous attitude."
While enforcement may not be stringent at first, he predicts that the government, along with the Joint Commission on Accreditation of Healthcare Organizations, or JCAHO, will eventually crack down on those organizations that have "fallen to the back of the pack" in compliance. "You don’t need to be the first, but you don’t want to be the last," Rishel warned at a recent Gartner symposium.
Regulations Shift Focus on Outbound Email Security
Johnson Controls Power Solutions Europe
Governance, Risk, and Compliance Management: Realizing the Value of Cross-Enterprise Solutions
SAP Solutions for Governance, Risk, and Compliance
SAP Case Study: The United Illuminating Company
Skechers, an IBM Customer Case Study
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Enabling the Global Enterprise
Get a grip on your mobile workforce Webcast
Business Networks are Evolving today Webcast
Integration as a Service: Are you connected?
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
Microsoft Patches Security Bugs in Products
Kenyan Economy to Benefit From E-Transaction Law
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
