Web security factors into HIPAA efforts

Virtually no payers in a HIPAA readiness survey conducted in December by Gartner Inc., Stamford, Conn., indicated they had completed their selection of technology tools to comply with the Health Insurance Portability and Accountability Act. But insurance companies are implementing privacy and security tools for their Web-based applications, and these tools will factor into their HIPAA privacy and security assessments.

BlueCross BlueShield of South Carolina, for example, has a C2 security classification, which is required to handle its military TRICARE contracts. When the insurer was assessed by an outside firm in 2000 for HIPAA compliance, it was found to be very close to complying with HIPAA's proposed security rules at that time, says Jim Daley, HIPAA program director at the Columbia, S.C.-based company.

One of the security tools the company is using for its Web applications is DirectorySmart, a software product developed by OpenNetwork Technologies that enables Web single sign-on and access control. Using DirectorySmart, a company assigns delegated administrators who manage role-based access to information via the Web for a specific group of users.

"HIPAA talks about role-based access control," explains Jennifer Covich, director, strategic healthcare for OpenNetwork Technologies, Clearwater, Fla. "That means your position and responsibility determine what information you can and cannot see."

Similar to the South Carolina Blues, Detroit-based Blue Cross Blue Shield of Michigan is implementing an e-business strategy that incorporates rigorous privacy and security measures. When fully deployed, Michigan Blues members will be able to access a private online personal health record, and doctors, caregivers, members and the insurer will be able to exchange claims data and records on secure channels.

To move in this direction, Blue Cross Blue Shield of Michigan has implemented a system that incorporates de-identification technology developed by PersonalPath Systems Inc., Upper Saddle River, N.J., combined with public key infrastructure software developed by Dallas-based Entrust Inc.

The platform provides a secure environment by separating personal information about the user from the online authorization process. Blue Cross Blue Shield of Florida and Blue Cross Blue Shield of New Jersey also have implemented the technology.
