Privacy and security are meant to work in tandem – so why have they grown apart? My colleague Peter Adler examines this question in the April 2008 issue of the Journal of the American Health Information Management Association. As Peter states in the article:
Privacy and security regulations were intended to work together to effectively protect health information. In most covered entities, that hasn’t happened due to a number of historical and organizational reasons. But organizations that can integrate their security and privacy compliance efforts make the most of their resources and boost the effectiveness of their programs. In some instances, this may mean a reorganization of security and privacy roles and reporting structures. In others, it may start with the revitalization of a flagging HIPAA committee.
For the full article, with tips for coordinating privacy and security efforts, click here.
Thought I should share a post I published discussing the question of HIPAA Privacy and Security rules being linked [excerpt]
…A good starting point for examining the linkage between the Privacy and Security Rule begins with those responsible for the development and application of the Rules. The Department of Health and Human Services has stated that, “…in preparing the final Security Rule, the Department is working to ensure the Security Rule requirements for electronic information systems work hand in glove (emphasis added) with any relevant requirements in the Privacy Rule”. Health and Human Services has also stated that, “As many commenters recognized, security and privacy are inextricably linked (emphasis added). The protection of the privacy of information depends in large part on the existence of security measures to protect that information.” To be sure, federal regulators intend for Privacy and Security Rules to work in conjunction with one another. Read more at http://www.dgpeterson.com
Grant Peterson, J.D.