[optimal] Re: HIPAA Security initiative

  • From: Lydia Dimmer <lydiadimmer@xxxxxxxxxxx>
  • To: <optimal@xxxxxxxxxxxxx>
  • Date: Fri, 17 Feb 2012 16:43:21 -0800

Everything you say is true, Jim.  I wonder if the connection between VFs and 
HIPAA is the HITECH Act, which was added later, which has more to do with the 
inter-connectivity and format of the data that might be exported...?

Lydia Dimmer, COT, CRA, OCT-C
Eye Associates Northwest, PC 
Seattle, WA
206/342-6140 
 

Date: Fri, 17 Feb 2012 09:15:04 -0500
Subject: [optimal] Re: HIPAA Security initiative
From: jamesdstrong@xxxxxxxxx
To: optimal@xxxxxxxxxxxxx

One thing to keep in mind here is that DICOM and HIPAA are two completely 
different animals and don't have much to do with one another. An instrument 
being DICOM compliant doesn't mean it will be HIPAA-fied.

 
DICOM is a "standardised" data structure that means an instrument that is DICOM 
compliant "should" be able to exchange data with other DICOM compliant systems. 
 Be aware that DICOM isn't a silver bullet for data/system integration; there 
are varying "flavors" or dialects of DICOM.  If the 2 pieces don't speak the 
same dialect then things get much more complicated.  

 
HIPAA deals with keeping Protected Health Information safe and has multiple 
facets, some of which are as simple as password-protecting systems that 
contain PHI, individual log-ins to such systems, and audit trails for data 
access, i.e. who is looking at what data.

 
While DICOM-izing an instrument may ultimately push your data into a HIPAA 
compliant system, it doesn't make the instrument itself or the data it can 
access HIPAA compliant.
 
If it were my project, I'd ask my HIPAA expert to come to clinic and look at 
the instrument with me so they understand how it is used and then generate a 
specific list of concerns and pose that to the vendor. 


That said, I think this is a GREAT thread and am also VERY curious if someone 
out there has gone through the process from the perspective of a large 
institutional hospital, because it's going to be very interesting. 
Unfortunately I don't know that there will be one absolute answer; I think the 
way HIPAA has been constructed, it leaves much open to interpretation.

 
j-
                                          
