HIPAA compliance nears adolescence

Like your typical 10-year-old, HIPAA compliance is a sometimes cranky, sometimes frustrating work in progress. What will it be when it grows up? Ten years after HIPAA became a federal law, health insurers are scrambling to make changes to their IT systems in order to comply with one of its last major requirements: the ability to process claims and other electronic transactions using standardized ID numbers for doctors and hospitals. But insurers' efforts to ready their systems are being hampered by the sluggish pace at which many health care providers are adopting the new numbers, IT executives at more than a half-dozen Blue Cross and Blue Shield health plans said last week.

For more information:
- read this Computerworld article

PLUS: Just how private is HIPAA privacy? An interesting Information Week opinion piece raises some key questions on this subject. While regulatory standards such as Sarbanes-Oxley and HIPAA, along with the open Web application project, address some security measures through an audit process, they don't impose enterprise-wide abstraction layers that would prevent key IT users with application or database access from reaching critical financial data directly. Instead, these standards focus mainly on enforcing confidentiality, offering only general guidelines for companies that want to tighten access control, improve application configurations, and remove code vulnerabilities.

For more information:
- read this Information Week article