Courion Corporation

Healthcare Stimulus to Drive Compliance

Tweet

  

 

While reading Matt Flynn's Identity Management blog I was interested to see a post on the requirements that the American Recovery and Reinvestment Act (ARRA) will impose on healthcare organizations, specifically how they are required to prove audit compliance with respect to their use of electronic protected health information.  Not only will all organizations be required to have audit controls in place and regularly monitor their audit records, but they'll also need to monitor and review the audit trails in "as close to real time as possible."  It will be extremely difficult if not impossible for healthcare organizations to live up to this level of compliance ordinance without the aid of some sort of access assurance solution which includes preventive controls (identity management, access provisioning...) and detective controls (DLP, SIEM...).  With the level and volume of access required to Electronic Health Records, having automated tools to aid in the privacy protection and access control process is really the only way organizations will be able to keep up with these increasingly stringent mandates.

We will actually be hosting a webinar on the "Impact of HIPAA on Identity and Access Assurance" next Wednesday on this topic so we hope you will join us or, if you can't make the live event you can visit our Webinar Archive to learn more.

And if you're interested in really digging in, here's the actual ARRA documentation and the HITECH Act begins on page 112.

Are you at all apprehensive about keeping up with the HITECH standards? If so, we want to hear from you.  What are the challenges standing in your way?