Security's Everyman

Security's Everyman

Wednesday, September 06, 2006

HIPPA Breaches

InformationWeek has an article on Privacy Breaches reported by health care agencies. This isn't surprising at all. HIPPA is so vague, has so many "outs", and affects so many different industries that it's almost impossible to work with. When I was consulting HIPPA was a project of mine. The company I was with was a late comer in the game when we decided to actively pursue clients that needed help with HIPPA compliance. I spoke with people in health care (hospitals, nursing homes, doctors offices), insurance, law firms, and others that were affected and without fail all of them had either an apathetic attitude toward getting compliant, were depending on a software vendor to be compliant, or had no idea that HIPPA could affect them. I know that those I dealt with was a very small sampling but when you bat 100% it really doesn't matter how big your sample is. It still speaks volumes as to the attitudes that companies have towards HIPPA. Many will do the bear minimum to get Uncle Sam off their back.

2 comments:

Anton Chuvakin said...

Please don't say HIPPA :-) or people would make fun of you

e.g.

http://www.oreillynet.com/sysadmin/blog/2005/11/fake_experts_always_misspel_hi.html

Andy, ITGuy said...

Ouch, You know I never even paid attention to the fact that I misspelled HIPAA. Obviously I've been doing it for some time because I did it 4 times in this one blog. Spelling was never my strong suit. :)

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.