Tivoli® Helps U.S. Healthcare Organizations Prepare for Federal Privacy Regulations

Tivoli SecureWay® Privacy Manager Facilitates Compliance with Health Insurance Portability and Accountability Act (HIPAA)

Select a topic or year

WASHINGTON, D.C. - 29 Jan 2001: Tivoli Systems Inc. today announced that its software would help health insurers and health care providers comply with the consumer privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA). Using Tivoli SecureWay Privacy Manager, healthcare organizations and other e-businesses can increase their control over consumer data, helping ensure compliance with the new U.S. government regulations.

In December, United States Department of Health and Human Services released final regulations establishing the first-ever federal privacy protections for the individually identifiable health information of all Americans. The regulations limit the non-consensual use and release of private health information, give patients new rights to access their medical records and to know who else has accessed them, restrict most disclosure of health information to the minimum needed for the intended purpose, establish new criminal and civil sanctions for improper use or disclosure, and establish new requirements for access to records by researchers and others.

Tivoli SecureWay Privacy Manager is access control software developed to help organizations implement and enforce privacy policies and protect consumers' individually identifiable information. Using Tivoli SecureWay Privacy Manager, healthcare organizations can limit access to health information based on the role of the user attempting access and the data. This helps organizations implement the minimum necessary use and disclosure clauses in the final rule.

"Because technology is an important component in privacy, access control software tailored to e-business privacy concerns, such as Tivoli SecureWay Privacy Manager, will help organizations comply with privacy policies and regulations," said Robert Lonadier, director, Hurwitz Group. "Healthcare organizations should be evaluating software solutions today, so decisions and implementation can be completed within federal deadlines.

According to the U.S. Department of Health and Human Services, the final regulation covers all individually identifiable health information transmitted or maintained by health plans, health care clearinghouses and those health care providers who conduct certain financial and administrative transactions (e.g., electronic billing and funds transfers).

"Healthcare organizations will need to comply with these regulations and demonstrate to their consumers that privacy is a top priority," said Carl Kessler, senior vice president, Enterprise Management Solutions, Tivoli Systems Inc. "Tivoli SecureWay Privacy Manager can help increase consumer trust, protect brand integrity and help healthcare organizations comply with HIPAA."

Tivoli SecureWay Privacy Manager
Tivoli SecureWay Privacy Manager is built upon the proven success of Tivoli's market-leading authorization product, Tivoli SecureWay Policy Director. Tivoli SecureWay Privacy Manager:
§Consistently controls access to personal data through predefined privacy roles and categories of data that can be modified
§Provides access control based on the relationship between the user and the subject of the data
§Enforces access control at the application or field level
§Allows organizations to change privacy policy without multiple modifications to applications
§Audits access to private data
§Secures and controls access to legacy applications and Web-based applications
§Features WAP device access control support for wireless connectivity

IBM Solutions for HIPAA
Tivoli SecureWay Privacy Manager is part of broader range of IBM services and solutions available to help healthcare organizations comply with HIPAA regulations. The overall IBM solution includes:

·IBM HIPAA National Practice consulting servicesfor end-to-end transactions, security and privacy support
·Tivoli SecureWay software-for security, privacy, access and risk management
·Tivoli Storage Management software-to manage storing sensitive information
·Tivoli Enterprise™ management software, including Tivoli Disaster Recovery Manager, Tivoli Inventory and other software-to help address additional HIPAA requirements
·Other professional services-a wide range of services available from IBM, Tivoli, and Tivoli business partners, including consulting, assessment and implementation
·IBM Hardware

Criminal and Civil Penalties of Non-Compliance
The HIPAA statute and implementing privacy regulations create new criminal and civil penalties for improper use or disclosure of protected health information. In the past, there have not been specific federal penalties if a patient's right to privacy was violated. This rule applies the standards included in HIPAA to create new criminal penalties for knowing violations: up to $50,000 and one year in prison for obtaining or disclosing protected health information, up to $100,000 and up to five years in prison for obtaining or disclosing protected health information under "false pretenses," and up to $250,000 and up to ten years in prison for obtaining protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm. For non-criminal violations, including disclosures made in error, there are civil monetary penalties of $100 per violation up to $25,000 per year, per standard. The Secretary of Health and Human Services has delegated enforcement authority for HIPAA privacy to the Office of Civil Rights, where individual can register complaints and seek civil penalties or referrals for criminal prosecution.

Related XML feeds
Topics XML feeds
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source