The Future--Security Regulations

Although the HIPAA security rule is not enforceable until April 21, 2005, there are some elements of information security that are necessary to ensure privacy of health information. A simple gap analysis targeting security issues is needed to evaluate security similar to analyses reviewing privacy protections in the practice. Evaluate all of the computer security issues in the practice can include, locating and identifying computer workstations and equipment, laptops and hand held computers that are used to create, maintain, transmit or store the private health information of patient PHI is a good first step. Several security regulations that are necessary for privacy compliance include password policies; log off policies, placement of computers, data back-up procedures, virus detection and prevention, utilization of e-mail with patients. This can be assessed during the gap analysis.