Securing Information

Final rules governing health-information security go into effect April 21
The final rules for securing electronic health-care information were entered into the Federal Register last week and will take effect on April 21. They require health-care companies to develop, implement, and document the measures they take under the Health Insurance Portability and Accountability Act to ensure that health information remains secure. Large health-care organizations will have until April 2005 to comply, while smaller ones must comply by April 2006.

Security experts warn a lack of specifics may cause confusion. "This is going to be a free-for-all for a long time," says Pete Lindstrom, research director at Spire Security.

But for companies already on top of their security efforts, the new rules shouldn't be a burden. Says Bruce Peck, information security manager at St. Vincent Hospitals and Health Care Center: "This outlines what we were already doing."

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer