For John Hennessey, sifting and sorting through Health Insurance Portability and Accountability Act regulations has been a major ordeal.
Hennessey is the CIO for Dallas County, which contracts with the University of Texas Medical division to supply healthcare to Texas prison system inmates. Healthcare organizations across the country face an April 14 deadline to comply with the basic HIPAA requirements, federally mandated privacy regulations to protect patient health information. The U.S. Department of Health and Human Services (HHS) issued those patient-data privacy guidelines, as ordered under HIPAA, which Congress passed in 1996. Subject to interpretation, the HIPAA privacy rules demand that any company providing healthcare services, and any of its business associates handling protected patient data, apply "administrative, physical and technical safeguards" to ensure confidentiality.
"Every time HHS has had a 'clarification,' it impacts another area," Hennessey says.
Echoing the view of several CIOs questioned about HIPAA, Hennessey worries the April 14 deadline will lead to an era of heightened liability if patient data gets into the wrong hands.
"We're worried about being held liable and the consequent damages," Hennessey says.
At Glenwood Medical Associates in Colorado, where the HIPAA privacy officer reports to Director of IS Bob Mirabito, HIPAA creates similar anxiety because it seems to "open up lawsuits to individuals" after April 14, Mirabito says.