* The HIPAA Privacy Rule provides federal protections for personal health information. The Security Rule specifies a series of administrative, physical and technical safeguards for covered entities to use to address the confidentiality, integrity and availability of electronic protected health information. However, there is the issue of which of the addressable safeguards are applicable to your organization. This is frequently a source of internal debates, due to different interpretations.
But what happens if you believe you have addressed all safeguards, and you have an intentional breach from inside your organization? This is still a violation and will probably lead to major financial and brand image impact.
And a key challenge with all compliance regulations is agreeing on the definition of things like "Minimum Necessary Privilege" and the data that should be protected. It is much easier to let a risk-management process drive what data should be controlled at what level and what access users should have. This comes with an understanding of what residual risk remains, and whether it is within the business's level of acceptable risk.
The goal of regulations is protecting consumers. Organizations share the same goal, whether for compliance or ethical reasons. Of course, organizations also want to remain financially viable, meaning it is better to focus on enterprise risk management rather than simply on compliance.
Minnesota Department of Veteran Affairs (MDVA) strives to improve the lives of Minnesota veterans, their dependents, and survivors through advocacy and securing benefits provided by federal and state laws. MDVA serves Minnesota's 381,000 veterans and their dependents through two divisions. The Health Care division provides various levels of long-term care. The Program and Services division provides state benefits and assists in securing federal benefits.