eWeek.com, in its Health Care News section, reports in an article entitled "Stitching Up Health Records: Privacy Compliance Lags" that more than 80 percent of companies involved in health care have technology and processes in place to provide the level of patient privacy protection required by the Health Insurance Portability and Accountability Act (HIPAA). The act required compliance by April 2003, which means that almost 20 percent of health care companies are "unable or unwilling to implement federal privacy requirements" according to a twice-yearly survey of health care payers and providers conducted by Phoenix Health Systems and Healthcare Information and Management Systems Society (HIMSS).
According to William "Buddy" Gillespie, vice president and CIO at WellSpan Health, which includes two hospitals, a home health care provider, a pharmacy, and about 40 physicians offices, managed care plans, and other outpatient treatment facilities in Pennsylvania and Maryland, it isn't that health care companies find privacy and security technology hard to manage; the problem is that HIPAA rules are often vague and technology is developing so quickly that it's often hard to decide whether flash drives, hot-site disaster recovery, and other specific storage and file management technology are covered or satisfy the rules.
Read the entire article at http://www.eweek.com/article2/0,1895,1949646,00.asp