Great article in Network Computing about HITECH and HIPAA’s influence on healthcare organizations
“…The flurry of activity around security in the health care industry is largely a product of the HITECH (Health Information Technology for Economic and Clinical Health) Act, passed as part of the Obama administration’s stimulus package passed a year ago. The act takes a carrot-and-stick approach to spur the conversion of all patient information to electronic health records. The federal government is offering $19.2 billion in incentives to organizations that meet its requirements, starting in 2011. On the other hand, the act provides penalties for non-compliance starting in 2015 and stiffer penalties for violating HIPAA, which has been largely unenforced.
The message to health care organizations struggling to protect patient information and other sensitive data under the HITECH Act, HIPAA and other compliance mandates is no different from the one enterprises across every vertical are hearing: Implement a risk- and standards-based approach across the organization and you’re likely to succeed. Focus on technology and operations, and you’ll certainly fail. “Make sure you’ve done a good job of organizing around security throughout the organization,” said Brian Cline, director of information security at Catholic Health East. “Adopt a governance model to have successful security, otherwise security will just be an IT problem….”
Network Computing: Healthcare Organizations Pressed By HITECH, HIPAA Security Pressures
