Healthcare Information Security Podcast

Hospitals preparing for a potential government audit of their HIPAA security rule compliance should "build a continual state of readiness," says David Wiseman, information security manager at Saint Luke's Health System, Kansas City, Mo. To be fully prepared, Wiseman says hospitals should: Conduct a HIPAA compliance evaluation to identify areas of weakness; Put together an action plan for resolving those weaknesses; Carefully monitor whether all compliance strategies, such as changing passwords every 90 days, are actually being carried out throughout the enterprise; Update risk assessments whenever an application is upgraded or replaced; and Make extensive use of encryption. About two years ago, Saint Luke's Health System went through what was then a very rare federal audit when the U.S. Department of Health and Human Services was attempting to measure its ability to oversee and implement the HIPAA security rule. Now the Office of Civil Rights within HHS is gearing up to conduct HIPAA compliance audits t