Beware of Cure-Alls for HIPAA Compliance
I always find it amusing when a new issue rises on the IT horizon, and suddenly dozens of vendors rush forward to tout their product as "the solution." Often, they are hawking their existing wares but putting a new spin on them to gain a presence in a new market segment. Now, I don't want to imply that all of these vendors are modern snake oil salesmen. Often, the products being pitched are important parts of the solution. However, beware the illusion that such products solve the entire problem.
A recent eWeek article ("Meeting a mandate for patient privacy," Jan. 1/8) showed me that the latest target for these slick hucksters is the medical profession. The recently released security guidelines for the Health Insurance Portability and Accountability Act have attracted numerous companies that will assure regulatory compliance if "you just buy our product." But what unique medical capabilities do these products provide? None. Look at the underlying technologies: encryption, Lightweight Directory Access Protocol, firewalls and virtual private networks. This is hardly a list of innovative techniques. The only thing separating them from other security vendors is "HIPAA" in the marketing literature.