The medical privacy rule: can hospitals comply using current health information systems?

This research provides an analysis of the implementation of the "standards for the privacy of individually identifiable health information " (medical privacy rule) published in August 14, 2002 by the Department of Health and Human Services (HHS) following the issuing of a privacy rule by the Clinton administration in December 2000 and later support by the Bush administration. The privacy rule went into effect April 14, 2001, with compliance required by April 2003 for most health providing entities. The resulting legislation is designed to ensure that the business activity of health providers is subject to privacy regulation. In this research we examine the ability of health organisations to respond to the requirements of this legislation and illustrate that this ability is affected by the quality of their patient data and the structure and security of their databases. This paper suggests that compliance with the legislative provisions creates implications for information systems development and design which large public hospitals have so far failed to consider or act upon.