Guidelines for Academic Medical Centers on Security and Privacy
Guidelines for Academic Medical Centers on Security and Privacy:
Practical Strategies for Addressing the
Health Insurance Portability and Accountability Act (HIPAA)
The privacy and security regulations stemming from the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) have
captured the attention of the healthcare community. The cumulative cost
of compliance with these regulations is variously estimated to cost from
somewhere between the equivalent of Y2K preparation for the community
to many times that amount. A recent study commissioned by the American
Hospital Association placed costs at $22.5 billion over the next five
years. To assist medical schools and teaching hospitals in addressing
the new regulations, The National Library
of Medicine (NLM) funded a series of workshops engaging the membership
of several organizations: AAMC’s Group on Information
Resources, Internet 2, Object
Management Group, and Workgroup on Electronic
Data Interchange. The workshop participants analyzed current health
information security and privacy polices, made recommendations, and developed
this resource of best practices for healthcare security and privacy. The
Guidelines for Academic Medical Centers on Security and Privacy: Practical
Strategies for Addressing the Health Insurance Portability and Accountability
Act (HIPAA) addresses the unique concerns of academic medical centers.The traditional tripartite mission – patient care, education, and research
– distinguishes academic medical centers (AMC) from their peer institutions,
which focus primarily on patient care services. In the past two decades
the ability of academic medical centers to balance and sustain these multiple
missions has been severely tested by changes in health care financing
and regulation. The implementation of the HIPAA regulations will create
barriers unique to these environments. Because of their multiple missions
and collegial concerns, AMCs have come together in an effort to create
the guidelines – to ensure the privacy, security and confidentiality of
patient information.
