ABSTRACT

The “Health Insurance Portability and Accountability Act,” commonly referred to as HIPAA, and its amendment known as “Health Information Technology for Economic and Clinical Health (HITECH),” have been heralded as bringing vital attention to the matters of the privacy and security of patient information. They have also brought controversy to the general discussion of information protection, its cost, the associated burden of program management, breach reporting, and related topics. Over time, much has been clarified, but much remains to be clarified before truly effective and cost-efficient programs can be designed and institutionalized. This entry will address these issues and provide more clarity on how to achieve the objective of protecting the privacy and security of patient information. It will lay the foundation for defining IT controls, the objective of each, implementation and operational guidance, and their interdependence. It will provide examples of effective options to achieve the goals without breaking the bank or adversely impacting the delivery of timely, appropriate, and high-quality healthcare. It will enlarge on the requirements of these important laws and their impacts on the IT portions of an affected enterprise, and will elaborate on the manner in which they must be addressed so that this vital program of protection can be brought about quickly and efficiently, without excessive cost or unacceptable overhead, in an evolutionary, not revolutionary, manner.