Beware of Cure-Alls for HIPAA Compliance | eWeek

Beware of Cure-Alls for HIPAA Compliance

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Mar 26, 2001
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

I always find it amusing when a new issue rises on the it horizon, and suddenly dozens of vendors rush forward to tout their product as “the solution.” Often, they are hawking their existing wares but putting a new spin on them to gain a presence in a new market segment. Now, I dont want to imply that all of these vendors are modern snake oil salesmen.

Often, the products being pitched are important parts of the solution. However, beware the illusion that such products solve the entire problem.

A recent eWeek article (“Meeting a mandate for patient privacy,” Jan. 1/8) showed me that the latest target for these slick hucksters is the medical profession. The recently released security guidelines for the Health Insurance Portability and Accountability Act have attracted numerous companies that will assure regulatory compliance if “you just buy our product.” But what unique medical capabilities do these products provide? None. Look at the underlying technologies: encryption, Lightweight Directory Access Protocol, firewalls and virtual private networks. This is hardly a list of innovative techniques. The only thing separating them from other security vendors is “HIPAA” in the marketing literature.

What should you do if the specter of compliance with HIPAA or another mandated security standard is lurking around your business? First, you need to go beyond simply implementing a security product. HIPAA compliance requires the cooperation of many departments, including legal, IT, finance, audit and security.

Next, identify what steps each department needs to take to work toward compliance. It will take project management skills to coordinate these diverse efforts.

The last step is to examine existing technologies and processes to identify compliance gaps. At this point, technology can be chosen that will help you achieve compliance.

By taking these steps, you will save money in the long run by avoiding the implementation of unnecessary systems.

Beware snake oil salesmen. Anyone who says that their “product will make you HIPAA-compliant” is selling false hope. Compliance is not sold in a bottle.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.