Healthcare Decision: IT Security Implications for Small Business
Although there was some confusion at first in the news media concerning the Supreme Court's landmark decision on President Obama's Affordable Care Act, now that experts have had a chance to digest the ruling fully, it is clear that the health care law has been upheld in most of its major details. This may not seem like it has IT security implications, but it actually does because the law moving forward means not only that states will need to set up exchanges for health insurance purchases, but that all ACOs will have to meet new requirements related to information technology.
ACOs are accountable care organizations. They, like the state-based exchanges, will have to take care to be sure that medical records and other patient data remain secure and confidential. The Affordable Care Act touches on these issues, to be sure, but other laws will apply including the HITECH Act, which was actually a part of recent economic stimulus legislation and is not technically under the umbrella of ‘Obamacare’.
Nevertheless, the retention of much of the Affordable Care Act will mean that small and medium-sized businesses, whose operations involve care for patients, will have to face the need for IT governance support since the reforms envisioned under the Affordable Care Act provide for high levels of integration of information technology with medical provisioning and practice. Even a small medical firm with only a half-dozen doctors under its roof will need to address these challenges, as will the sole practitioner. One of the challenges will be the creation of online medical health histories; Obamacare views this objective as a primary reform that will help to lower health costs by eliminating much redundancy in care.
The new efficiencies in medical care this opens up should indeed reduce costs and improve outcomes, both of which are good news for patients. For small and medium-sized organizations struggling to meet the mandates involved, however, it may prove quite challenging.
The best way to proceed is to work closely with an IT consulting firm that can help you understand the implications of IT governance and compliance. Creating an online medical records system may mean project work with such a firm, while maintaining it afterwards in a secure manner might best be done through a managed services approach in which IT support and monitoring is delivered on a continuous basis.