Medical information security: the evolving challenge

Electronic transfer is rapidly becoming the main means of medical information exchange. Because of the security related questions arising from the proliferation of electronic transfer or storage of sensitive medical data, the US government has begun an effort to set standards concerning levels of medical data sensitivity and to prescribe minimum safeguards for maintaining patient information. The “Health Insurance Portability and Accountability Act of 1996” (HIPAA), was signed into law as PL 104-191 on September 31, 1996. As the name implies, this law helps ensure that an individual can retain certain health insurance coverage when changing or losing employment. However, it also requires the Secretary of Health and Human Services (HHS) to adopt security standards and establish policies and procedures to prevent unauthorized access to health care information. The legislation further directs that those persons who maintain and transmit health information apply reasonable and appropriate administrative, technical and physical safeguards to ensure the integrity and confidentiality of such information and to “protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized uses or disclosures...” This paper explores the existing problems relating to patient record confidentiality and the impact of the new legislation