INFORMATION TECHNOLOGY COUNCIL

Date: March 20, 2003
Presenter: Tom Volz, HIPAA Practice Director - tom.volz@mandolfo.com
Affiliation: Mandolfo & Associates - www.mandolfo.com
Topic: HIPAA Privacy 101.
The presenter for HIPAA 101 (Health Insurance Portability and Accountability Act of 1996) was Tom Volz from Mandolfo and Associates. Mr. Volz has 25 years experience in the IT industry with senior management, program and project management positions in Fortune 500 companies. He is current serving as the HIPAA Practice Director with Mandolfo Associates and HIPAA Privacy & Security Program Manager for a major mid-west Insurance Company.
Mr. Volz has extensive experience in HIPAA assessments and compliance efforts for State Governments, and private companies within the healthcare and insurance industry. He is currently working as an advocate to educate companies within the healthcare and insurance industry on the risks and best practices for HIPAA compliance.
The development of HIPAA started with the adoption of EDI as a means of transferring data records between insurance companies and other health care entities. Typical in the evolution of IT innovations, once the innovation is adopted, there is a need for interchangeability, uniform formats and ease of communication. This need for records standards to improve efficiencies soon recognized the related requirements for personal privacy and security to prevent fraud and abuse.
The initial Act has led to other follow on development in IT standards and use policies. There has been considerable focus on intracompany communication, firewall security, data back-up and similar best practices. Some of these issues were "unintended consequences" but most of them "needed a driver to get done anyway." In the past year, the deadlines for HIPAA compliance has been a strong driver for IT planning and management in the insurance and health care industries.
The meeting concluded with an exchange of views and concerns by the members regarding compliance issues. For those that are in the direct line of responsibility, there is a strong need for education into the details of compliance. For those that are indirectly involved, there is still a need to be familiar with the disclosure guidelines.
For additional information - the following resource was found to contain more useful information than marketing material: www.hipaacomplianceguide.com/preview/01-01-00-00.asp
Information on an upcoming HIPAA seminar sponsored by Mandolfo & Associates can be found here.
With permission of the the presenter, HIPAA Privacy 101 has been provided for the ITC as a Portable Document Format (PDF) file. To read this file, you will need to download the free Adobe Acrobat Reader.