- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Getting Started: The Impacts of Privacy and Security Under HIPAA - A Case Study
- Abstract
- The Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule went into effect on April 13, 2003 carrying with it security implications in the form of privacy safeguards. Late in 2002, a behavioral health agency realized that their use of a centralized electronic medical records (EMR) system and the requirements for HIPAA privacy had just accelerated their plans for security implementation. This paper is intended as a case study that can be applied in similar situations. It takes the reader through the entire problem-solving process, starting with a situation assessment of the Agency's information management and technology resources. Along the way, the demands of the final Security Rule are explored and how they factor into the approach, touching on the intersections between it and the HIPAA Privacy Rule. The paper describes how the Agency established an on-going, cost-effective security program integrated with current Agency business practices.