CONTACT:
Harvey Watson, Ph.D.
HIPAA Compliance
(210) 522-2668
 E-mail:  Harvey Watson

KEY TERMS:
 HIPAA Final Security
Rule
covered entities
CE
information security
experts
compliance
electronic protected
health information
EPHI
administrative
safeguards
physical safeguards
technical safeguards
stored information
transmitted data
CE process
health care
security
documentation

Medical Systems Concepts and Architectures
HIPAA Compliance

The HIPAA Final Security Rule, released in February 2003, gives covered entities (CEs) 2 years to comply, and information security experts have estimated that it could take as much as 2 years to achieve compliance. The Security Rule directs CEs to safeguard electronic protected health information (EPHI) by maintaining reasonable and appropriate administrative, physical, and technical safeguards against threats to the confidentiality, integrity, and availability of EPHI when it is stored, maintained, or transmitted. Noncompliance could result in penalties of up to $250,000 in fines and 10 years in jail.

Southwest Research Institute (SwRI) has field teams available to consult with CEs. These teams have backgrounds in:

  • CE process

  • Health care

  • Security

SwRI conducts evaluations of the existing security documentation, the security processes (planned or in-place), and security mechanisms (planned or in-place). We perform gap analyses highlighting where the CE might fall short. Following this evaluation, if desired, the team develops a plan for bringing the CE into compliance.

For more information on HIPAA requirements capabilities at Southwest Research Institute (SwRI) or how to contract with SwRI, please contact Harvey D. Watson, Ph.D. at hwatson@swri.org or (210) 522-2668, or Waring Worsham at wworsham@swri.org or (210) 522-3759. We offer you the best approach for addressing your medical systems needs.


Medical Systems Department
  Automation and Data Systems Division SwRI Home


Southwest Research Institute® (SwRI®), headquartered in San Antonio, Texas, is a multidisciplinary, independent, nonprofit, applied engineering and physical sciences research and development organization with 11 technical divisions.