Beware of Cure-Alls for HIPAA Compliance | eWeek

Beware of Cure-Alls for HIPAA Compliance

Verfasst von
eWEEK EDITORS
eWEEK EDITORS
Mar 26, 2001
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

I always find it amusing when a new issue rises on the it horizon, and suddenly dozens of vendors rush forward to tout their product as “the solution.” Often, they are hawking their existing wares but putting a new spin on them to gain a presence in a new market segment. Now, I dont want to imply that all of these vendors are modern snake oil salesmen.

Often, the products being pitched are important parts of the solution. However, beware the illusion that such products solve the entire problem.

A recent eWeek article (“Meeting a mandate for patient privacy,” Jan. 1/8) showed me that the latest target for these slick hucksters is the medical profession. The recently released security guidelines for the Health Insurance Portability and Accountability Act have attracted numerous companies that will assure regulatory compliance if “you just buy our product.” But what unique medical capabilities do these products provide? None. Look at the underlying technologies: encryption, Lightweight Directory Access Protocol, firewalls and virtual private networks. This is hardly a list of innovative techniques. The only thing separating them from other security vendors is “HIPAA” in the marketing literature.

What should you do if the specter of compliance with HIPAA or another mandated security standard is lurking around your business? First, you need to go beyond simply implementing a security product. HIPAA compliance requires the cooperation of many departments, including legal, IT, finance, audit and security.

Next, identify what steps each department needs to take to work toward compliance. It will take project management skills to coordinate these diverse efforts.

The last step is to examine existing technologies and processes to identify compliance gaps. At this point, technology can be chosen that will help you achieve compliance.

By taking these steps, you will save money in the long run by avoiding the implementation of unnecessary systems.

Beware snake oil salesmen. Anyone who says that their “product will make you HIPAA-compliant” is selling false hope. Compliance is not sold in a bottle.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.