| Today's Date: Saturday, September 04, 2010 |
| Tools and Advice on Developing Culture of Privacy and Security |
| Saturday, May 28, 2005 |
| URAC, in conjunction with the National Institute of Standards and Technology (NIST), the Workgroup for Electronic Data Exchange (WEDI), and the Healthcare Information and Management Systems Society (HIMSS), has completed a Crosswalk of security requirements focused specifically on the Health Insurance Portability and Accountability Act (HIPAA).
The Crosswalk was developed to perform a gap analysis against security requirements already in place, eliminating duplicative efforts and documentation, achieving cost efficiencies and fully complying with all security mandates. “The Crosswalk is a resource tool we developed to give the entire health care industry a resource for clarifying the interrelationship between diverse and complex security guidelines,” said Devin Jopp, URAC administrative officer. “In evaluating their current compliance efforts organizations can use the Crosswalk to better understand where there are already policies, procedures and tools in place to meet the HIPAA Security Rule by virtue of existing security operations.” “ Because the HIPAA Security Rule does not contain specific implementation requirements, the Crosswalk also adds value by presenting an industry consensus on the details of health information security implementation,” Jopp said. “It should give both regulators and the industry a measure of current security practices, and make implementation and compliance easier.” For Kevin Kujawa, senior vice president of information technology, for American Specialty Health, Inc., the Crosswalk is a well organized, concise source of reference materials for health care organizations. “The fact that three leading organizations were able to get in a room and complete this project is an accomplishment,” Kujawa said. “As a company, it provided value in two ways: first, it saved us time since we didn’t have to develop it ourselves. Second, it was useful in getting a third party interpretation of the regulations from a well-respected organization.” “ I think the research URAC performed highlighted some of the key outstanding security issues that covered entities were having difficulty addressing,” Kujawa said. “The fact that they developed the Crosswalk showed great leadership in this space by providing a key point of reference for companies that may have been behind schedule in preparedness or that had trouble with interpretation.” “This Crosswalk is an outgrowth of a voluntary exercise for a workgroup involving participants from all sectors of the health care industry,” Jopp said. “URAC, HIMSS, NIST and WEDI felt it was in the best interest of the industry we serve to foster this effort and give organizations a tool they can use to identify what security practices they already have in place and to more easily achieve the requirements of the HIPAA Security Rule.” For more information on the Crosswalk go to: http://www.wedi.org/public/articles/dis_viewArticle.cfm?ID=313 |
Click here to Contact Us