An Overview of Laws and Standards for Health Information Security and Privacy

In the complex technological world in which healthcare organizations and their business associates operate, security threats and attacks leave individually identifiable health information vulnerable. Laws exist to ensure that healthcare providers take practical measures to address the security and privacy needs of health information, and standards assist healthcare entities in meeting those requirements. This paper provides a chronological overview of U.S. laws and standards related to health information security and privacy, such as HIPAA, the Sarbanes-Oxley Act, HITECH, COBIT, ISO/IEC 27002:2005, and CSF.
