The burden of implementing the Health Insurance Portability and Accountability Act (HIPAA) falls heavily on providers, to be sure, but manufacturers are also affected. To help their clients meet the requirements of the law, the National Electrical Manufacturers Association's (NEMA) medical imaging informatics (MII) section has launched a privacy and security initiative.
Taking an educational approach to the complex legislation, NEMA's privacy and security committee is publishing a series of white papers on its Web site, the first of which, "Security and Privacy: An Introduction to HIPAA," is available now.
Other papers in progress will cover remote serviceability of equipment and audit trails, said Vicki Schofield, industry manager at NEMA.
"[The white papers] are a very fundamental presentation on the issues that have to be addressed and considered in meeting the requirements of HIPAA," she said.
The committee is not confining its activities to white papers, however. In February it submitted a comment letter to the Department of Health and Human Services on the proposed rule, "Standards for Privacy of Individually Identifiable Health Information." The letter requested a variety of changes, including the clarification of requirements for manufacturers/vendors of medical imaging, IT, and PACS systems as "business partners" of providers.
While HIPAA is getting the lion's share of attention these days, it's not the only privacy and security law facing vendors, who must also address similar initiatives in the European Community and in Japan. With three separate sets of regulations in effect, NEMA believes companies could potentially introduce incompatibility and unnecessary complexity into the design of their products.
In a bid to define a common approach to address regulations in the U.S., Europe, and Japan, the committee maintains liaisons with two NEMA equivalents, the European Coordination Committee of the Radiological and Electromedical Industry (COCIR) and Japan Industries Association of Radiation Apparatus (JIRA).
The relevant European privacy and security regulation is the European Community Data Protection Directive (95/46), which was adopted on October 24, 1995. Although not specific to the healthcare industry, this regulation broadly protects personal data to ensure confidentiality and legitimate fair use, according to NEMA. In addition, transmission of personal data is restricted between complying countries.
The U.S. Department of Commerce and the EC have adopted seven safe harbor principles, which require that organizations provide notice, choice, onward transfer, access, security, data integrity, and enforcement when the disclosure of individual information is involved, according to NEMA.
In Japan, the HPB 517 regulation was published on April 22, 1999. Specific to the healthcare industry, HPB 517 includes specific requirements for electronic storage of clinical records, authenticity and accuracy of data storage and transmission, legibility and irretrievability of stored information, patient privacy, and access control. It also contains organizational management and compliance sections, according to Rosslyn, VA-based NEMA. The requirements haven't been finalized yet, Schofield said.
In addition to its liaisons with JIRA and COCIR, the committee also maintains a relationship with DICOM Working Group 14 (security). NEMA's privacy and security initiative may be expanded in the future, depending on market needs, Schofield said.
By Erik L. Ridley
AuntMinnie.com staff writer
April 18, 2001
Copyright © 2001 AuntMinnie.com