What is the connection between the gun control laws to be implemented in the USA and HIPAA? Very recently, the Department of Health and Human Services (HHS) finalized a rule that modifies the Health Insurance Portability and Accountability Act (HIPAA).
The rule allows specific organizations to share information with the National Instant Criminal Background Check System (NICS) about individuals involuntarily committed to mental institutions. This would be part of the background check for possessing firearms and is aimed at being a long-term solution for the recent gun crises in the USA.
Those organizations would need to share with NICS only the specific data needed to identify the individual, without any clinical information. The rule claims that it applies to a small subset of organizations, of the following types:
- Organizations making mental health determinations
- Organizations designated by states to conduct such tests
How does it affect the IT sector?
This would result in changes to the existing IT security systems of the organizations governed by HIPAA (assessors). These organizations might have to expose their patient feed, specific to certain conditions (mental disorders), to NICS in a secure manner. The existing Identity and Access Management system and other security systems need to be tweaked to ensure compliance with the newly proposed HIPAA. Most importantly, strong Separation of Duty (SOD) controls and fine-grained access control need to be in place to ensure the privacy of patients and adherence to the newly proposed HIPAA.
The full federal law can be found here:
Authored by Siddharth V