CIO Executive Programs
The Leader in Face-to-Face Education for Senior ExecutivesOffering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
CIO Executive Council
Public TeleconferencesJoin CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Youth in IT: How CIOs Can Engage the Next Generation
June 10
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
Are you involved in setting the direction for your company's IT budget or strategy?
Apply today for a FREE subscription to CIO Magazine!
Subscription Services »
Reprints »
News Feature
Small Firms Still Having Trouble Complying with HIPAA
October 15, 2006 — CIO —
In 2001, Ron Uno, manager of information management at Kuakini Health Systems, made the decision to move his hospital’s medical records system from paper to computers. The main motivation for the costly, multiyear project? The Health Insurance Portability and Accountability Act, or HIPAA, the then five-year-old federal law that sets standards for protecting the security and privacy of American medical records. If the hospital had an electronic medical records (EMR) system, Uno reasoned, it would be easier to monitor who was accessing sensitive patient information and to comply with the law’s privacy and security regulations.
Five years later, Uno is halfway through implementing an EMR system. He estimates that Kuakini, a nonprofit with $275 million in revenue that operates a 250-bed hospital and a 200-bed long-term care facility in Honolulu, has spent $10 million to $15 million on implementing the system and other technologies to help it comply with HIPAA. "Even though we’re a small hospital, we’re trying to comply as much as we can," says Uno, who is closing in on full HIPAA compliance, though he’s not there yet.
The Long, Hard Road to Compliance
A decade after HIPAA was signed into law, CIOs like Uno are still struggling to comply with its provisions. Some lack the resources to fully meet the requirements of this complex set of rules; others seem to feel little need to hurry since the federal government has not aggressively enforced the law. So it comes as no surprise to learn that HIPAA compliance rates appear to be slipping.
Fewer hospitals and healthcare facilities are fully complying with the law this year than in 2005, according to a recent survey by the American Health Information Management Association (AHIMA), a professional organization for health information executives. And more than one-quarter of U.S. security executives whose organizations need to be HIPAA-compliant admit that they are not, according to "The Global State of Information Security 2006," a study released last month by CIO and PricewaterhouseCoopers.
These findings stand in sharp contrast to the billions of dollars invested by healthcare CIOs in technologies to protect medical records, including EMRs, firewalls, remote monitoring systems, intrusion detection, auditing software and encryption programs. HIPAA compliance rates declined across institutions of all sizes, but specialists say the problem is most acute at small to midsize hospitals with their limited budgets. "Smaller hospitals with thinner margins and smaller IT budgets will have a more difficult time being compliant," says Gartner analyst Robert Booz.
| RELATED SOLUTIONS |
Extending PCI Compliance to the Mobile Workforce: How to implement security best practices for mobile and remote computers
ITCi White Paper: Challenges and Opportunities of PCI
Tripwire PCI DSS Solutions: Automated, Continuous Compliance
The PCI Data Security Standard
Compliance by the numbers - addressing requirements with online document management and collaboration technology
Mitigating Risk with Security Assessments
Protect your network and reap the benefits of wireless
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
IT productivity challenges: Google surveyed IT professionals to find out more
Get Rich or Get Thin: The Secure Client Webcast
Automation: Improving Business Services
Protect yourself against internal threats: Reduce risk and liability of data breaches in test and production
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Kenya ICT Board Faces More Conflict Allegations
Ericsson Partners with Zain
Zambian Court Blocks International Mobile Company Bid
Qualcomm Will Trial Future Wireless Broadband in UK
Kenya Moves to Thwart Mobile-Phone Crimes
Former Tech Executive Found Guilty of Securities Fraud
Vodafone Acquires Social-Networking Platform Company
Good News From Sprint, Covad WiMax Trials
Windows Coming on Dual-Boot OLPC
Yahoo Tells Icahn That Its Own Board Knows Best
More News »
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
