HIPAA Privacy and Security Standards: A Gap Analysis for the Compliance Challenge at the Northern Arizona VA Health Care System (NAVAHCS)

摘要

There is a difficult and notable challenge facing the healthcare industry in the United States that will profoundly change the way business is conducted. Congress recognized the need for national patient record privacy standards in 1996 when it enacted the Health Insurance Portability and Accountability Act (HIPAA). The law required new safeguards to protect the security and confidentiality of personal health information and mandated implementation within a strict timetable. Industry experts and professionals who have been working on the privacy and proposed security standards say that covered entities need to begin the process of inventorying their organization immediately. The purpose of this project is twofold: (a) to conduct a baseline assessment inventory on the current environment of NAVAHCS policies, processes, and technology with respect to the HIPAA privacy and security standards and (b) to use the information gathered from the baseline assessment to conduct a gap analysis to determine vulnerabilities and enable NAVAHCS to identify necessary process changes and system remediations.