Medicare Security and HIPAA - Health Insurance Portability Act - Brief Article

Physician Executive, July, 2001 by James A. Hawkins

There was some speculation that the Bush administration might ease the tough, new Health Insurance Portability Act requirements issued by the Department of Health and Human Services during the last days of the Clinton administration. That hasn't happened.

But as physicians and hospital administrators scramble to meet the privacy standards, they may take some solace that Medicare officials are also feeling the heat on patient privacy.

In a statement to a congressional oversight committee, security expert Michael Neuman of En Garde Systems of Albuquerque, N.M., said HCFA contractors were "outright obstructive to providing sound security." En Garde and other security firms hired by HCFA to test the security of its computer networks had little trouble breaking into the Medicare data system.

Lawmakers were not pleased. HCFA's Medicare files contain medical information on roughly 39.5 million elderly and disabled Americans.

"It will do little good to have privacy laws in general if the computers that contain those databases are vulnerable to hackers," said Rep. Billy Tauzin, R-La., the House Commerce Committee chairman.

Tauzin doesn't question the effort being put forth by HCFA, but adds, "let's be honest, HCFA has to do a better job than many other federal agencies.... The information is more sensitive."