Introduction
In its quest to foster the use of electronic health record keeping and the
use of electronic transmission of claims to third-party payers, the United
States government recognized the vulnerability of sensitive health information
about an individual to potential abuse, unauthorized distribution, and exploitation.
It also recognized the vulnerability of such health data to loss as a result
of computer malfunction and catastrophic events such as fire, storms, earthquakes,
and floods, to mention a few. As a result, the 1996 Health Insurance Portability & Accountability
Act (HIPAA) section on Administrative Simplification addressed the use and
protection of the confidential health information about a patient in an emerging
electronic care documentation environment. The Security Rule specifically addresses
individually identifiable health information that is transmitted or maintained
in electronic media. This means the dental practice must base its security
requirements initially on the security provisions contained within the Privacy
Rule portion of the legislation and then adopt the specific Security Rule requirements
for Electronic Protected Health Information (EPHI) discussed in this article.
While HIPAA is somewhat complicated, it basically consists of three key sets of rules: those relating to patient privacy, the electronic transmission of transaction codes between parties, and the security of patient care data.
Previous articles have probed the Electronic Oral Health Record (EOHR) and the associated privacy and administrative transaction issues within the HIPAA context.1-3 This paper will examine the system security issues for the dental practice information architecture, beginning with the requirements of the recently released (February 20, 2003) HIPAA security regulations.4
System security must be applied to the entire technical infrastructure for the practice environment and must be thought of as an enterprise asset. Although the technological infrastructure is likely to keep changing rapidly, it can be separated from the global conceptual business content so that essential business functionality is preserved. These global issues will be addressed in this context.
Citation Number: Vol. 5, No. 3, Page 159