HIPAA and HITECH have resulted in a whole new career for Tom Dumez, CHP. As human resources director at a records management company, Dumez's job in the last few years has taken a new direction: training others how to comply with HIPAA.
When Mac McMillan, CISSP, CEO of CynergisTek in Austin, TX, picked up the phone recently, he had a very nervous hospital administrator on the other end.
One of the three foundational security requirements is availability: the ability to access data when you really need it. Data accessibility is considered sound security practice and is a requirement per the HIPAA Security Rule (45 CFR 164.306[a][1]). If a data storage device fails, you can lose access to your patients' or health plan members' PHI. This could adversely affect patient care and service to health plan members.
The death of an infant at an Illinois hospital made national news in June 2011. Genesis Burkett passed away due to a series of errors tied to human use of the hospital's EHR systems. The infant was born prematurely to parents who had been trying to conceive for years, and had thrived after months in neonatal intensive care until he was killed by a massive sodium chloride overdose. (You can read more about the case in the Chicago Tribune at http://tinyurl.com/8xtdqrp.)