The human element: Training, awareness, and human resources implications of health information security policy under the Health Insurance Portability and Accountability Act (HIPAA)

Proceedings of the 2009 Information Security Curriculum Development Annual Conference, InfoSecCD'09

Volumn , Issue , 2009, Pages 95-99

  Craig, Jeremy S ^a  

^a KENNESAW STATE UNIVERSITY   (United States)

Author keywords

Electronic medical records; Health information security; Health insurance portability and accountability act of 1996; HIPAA; Human resources; Security training

Indexed keywords

ELECTRONIC MEDICAL RECORD; HEALTH INFORMATION SECURITY; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996; HIPAA; HUMAN RESOURCES; SECURITY TRAINING;

ACCESS CONTROL; CURRICULA; HEALTH CARE; HEALTH INSURANCE; LAWS AND LEGISLATION; MEDICAL COMPUTING; STANDARDIZATION;

HEALTH;

EID: 79952500732     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1940976.1940996     Document Type: Conference Paper

References (22)

1. Baumstein, A. 10-step compliance program. InformationWeek, 1222, (March 2009), 39-40.
2. Brown, S.C. (2005, May) HIPAA security: Don't disband the committee just yet. Journal of the American Health Information Management Association, 76, 5 (May 2005), 53, 57. http://library.ahima.org/xpedio/groups/public/documents/ ahima/bok1-026973.hcsp?dDocName=bok1-026973, last accessed June, 2009.
3. Choi, Y.B., Capitan, K.E., Krause, J.S., and Streeper, M.M. 2009. Challenges associated with privacy in health care industry: Implementation of HIPAA and the security rules. Journal of Medical Systems, 30, 1 (2006), 57-64. (Pubitemid 44124366)
4. Christiansen, J. Electronic health information: Privacy and security compliance under HIPAA. American Health Lawyers Association, Washington, D.C., 2000.
5. Conn, J. 2006. HIPAA, 10 years after. Modern Healthcare, 36, 31 (Aug. 2006), 26-28.
6. Fitzgerald, T. 2003. HIPAA security rule 101: The time to act is now. Information Systems Security, 12, 1 (March 2003), 43. (Pubitemid 38214627)
7. Haramati, N. 2000. HIPAA security: Compliance in radiology - An academic radiology department's plan contrasted with a small private practice. Journal of Healthcare Information Management, 14, 4 (2009), 65-81. http://www.ncbi.nlm. nih.gov/pubmed/11190264, last accessed June, 2009.
8. Having, K. & Davis, D.C.2005. HIPAA compliance in U.S. hospitals: A self-report of progress toward the Security Rule. Perspectives in Health Information Management, 2, 9 (2005), 1-12. http://www.pubmedcentral.nih.gov/ articlerender.fcgi?artid=2 047309, last accessed June, 2009.
9. Jerbic, M., & Wu, S.S. The Security Rule. In Wu, S.S., A guide to HIPAA security and the law. American Bar Association Publishing, Chicago, 2007.
10. Kam, R. 2009. Five steps to HITECH preparedness. Computerworld, (June 18, 2009). http://www.computerworld.com/action/article.do?command= viewArticleBasic&taxonomyName=intellectual-property-and-drm&articleId= 9134549&taxonomyId=144&intsrc=kc-feat, last accessed June, 2009.
11. Kuther, B. 2000. Use every avenue when implementing your HIPAA security awareness training. IT Health Care Strategist, 2, 4 (April, 2000), 10.
12. National Institute of Standards and Technology. 1996. An introduction to computer security: The NIST handbook. http://csrc.nist.gov/publications/ nistpubs/800-12/handbook.pdf, last accessed June, 2009.
13. New penalties of up to $50,000 per violation for noncompliance with health data privacy and security rules. (2009). Dorsey & Whitney LLP. http://www.dorsey.com/newpenalties, last accessed June, 2009.
14. Scholl, M., Stein, K., Hash, J., Bowen, P., Johnson, A., Smith, C., et al. An introductory resource guide for implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Washington, DC: National Institute of Standards and Technology, Washington, D.C.,2008. http://csrc.nist.gov/publications/nistpubs/800-66- Rev1/SP-800-66-Revision1.pdf, last accessed June, 2009.
15. Security Standards for the Protection of Electronic Protected Health Information, 46 C.F.R. § 308. 2003.
16. Sullivan, J.M. HIPAA: A practical guide to the privacy and security of health data. American Bar Association Publishing, Chicago, 2004.
17. Swanson, M. & Guttman, B. Generally accepted principles and practices for securing information technology systems. National Institute of Standards and Technology, Washington, D.C., 1996. http://csrc.nist.gov/publications/ nistpubs/800- 14/800-14.pdf, last accessed June, 2009.
18. Swartz, N. 2003. What every business needs to know about HIPAA. Information Management Journal, 37, 2 (2003), 26-34.
19. Sweatt, D., Longenecker, H.E., & Sweeney, R.B. 2006. HIPAA certification and training guidelines for healthcare organizations: An IS 2002 model curriculum implementation. Information Systems Education Journal, 4, 101 (2006), 3-13. http://isedj.org/4/101, last accessed June, 2009.
20. Vijayan, J. 2007. HIPAA audit at hospital riles health care IT. Computerworld, (June 15, 2007). http://www.computerworld.com/action/article.do? command=viewArticleBasic&articleId=9024921, last accessed June, 2009.
21. Vijayan, J. 2008. Feds finally put teeth into HIPAA enforcement. Computerworld, 42, 36 (Sept., 2008), 10-11.
22. Williams, P. 2008. In a 'trusting' environment, everyone is responsible for information security. Information Security Technical Report, 13, (2008), 207-215.