Information security issues are a serious matter that organizations from all industries have to deal with. The healthcare industry is no exception. Personally identifiable healthcare information automated by the healthcare industry can be stolen, intercepted, altered, and misused. Acceptable safeguards, therefore, have to be in place in order to ensure the privacy and protection of this information. Without governmental intervention however, it seems unlikely that the healthcare industry will voluntarily implement such safeguards. The Health Insurance Portability and Accountability Act (HIPAA) security rule has emerged and been mandated by Congress from the need of such intervention. The quantitative investigation in this chapter is aimed at determining if covered entities in Washington State are HIPAA security rule ready after two years from the compliance deadline, and if the factors identified through the literature review are a hindrance to HIPAA security rule compliance. This research study revealed that HIPAA Security Rule full compliance is far from achieved; many factors have emerged as impediments to the compliance process, and the way to compliance is complex and costly. Tracking the compliance progress within healthcare institutions in Washington State over the last five years revealed that the reaction to the HIPAA Security Rule was strong around the mandated date; the response after the mandated date, however, has been weak. Covered entities should brace themselves to the new level of enforcement due to the recent American Recovery Reinvestment Act (ARRA).
HIPAA SECURITY RULE COMPLIANCE IN SMALL HEALTHCARE FACILITIES: A THEORETICAL FRAMEWORK
