MedAbiliti Software Inc.'s Chairman Edward Meinert Encourages Immediate Compliance with HIPAA's Security Rule, in Light of Increased Security Risks

MedAbiliti Software Inc.'s Chairman Edward Meinert Encourages Immediate Compliance with HIPAA's Security Rule, in Light of Increased Security Risks

New York, NY, October 15, 2003

The recent onslaught of viruses, worms, trojans, and other malware, such as the SoBig virus, highlights the urgency for covered entities to comply with HIPAA's Security Rule immediately to protect patient data, MedAbiliti's Chairman Edward Meinert warned today in a speech on HIPAA at the American Boiler Manufacturers' Association's Fall Conference in San Francisco, CA.

"If hackers can break into your system by means of viruses, trojans, worms and other malware, they can likely access your patient records too," says Meinert. "There is wisdom in the law's encouragement to get started now. With an increased flow of digital medical information, and the increase in security vulnerabilities being revealed, there is a real and immediate danger of misuse that can cost a patient his privacy and a company its reputation.

"Security is not something that can be handled casually or by those with no experience in the field," adds Meinert. "If your business is affected by HIPAA -- and anyone using electronic medical data is affected -- you have to comply with the security rule sooner or later. Since this involves audits, business changes, and employee training, it is not something that can be done at the last minute with any hope of successful compliance. Given the mushrooming problems we're seeing with computer security breaches on a monthly basis in the news, if your business is not secure right now you are already at risk."

The HIPAA security rule adopts standards for the security of electronic protected health information by health plans, health care clearinghouses and certain health care providers. Most covered entities have until April 21, 2005, to comply with the security standards; small health plans will have an additional year to comply, although the encouragement in the rule is to get started now. Further, HIPAA's Privacy Rule, already in place, requires that covered entities to take steps to protect patient data integrity, and this requirement is in effect.

"If compliance with past HIPAA deadlines is any indication, however, many businesses will wait until 2005 to begin worrying about security compliance," says Meinert. "In a connected world, this can be the wrong decision. All businesses need to learn to protect themselves better in an electronic age. HIPAA merely sets a deadline for mastering certain computer security systems in order to have the structure to comply with its standards. Complying with HIPAA regulations, far from hurting a company, positions that company to master what is needed for its own protection, as well as the protection of patients. The complexity of health care, coupled with the power of computers, offer opportunities to those who recognize the value of developing a structure to improve security, efficiency, and organizational policies."

Getting medical information to those with a legitimate right and need to have it via electronic transmission presents opportunities whereby unprotected medical and other private information could be intercepted by those with no right to it, or misused or mishandled by those who care less about privacy than they should.

"This can lead to the real danger that a patient's most private and vulnerable information will be made public by ways in which will embarrass or damage the reputation of a company," cautions Meinert.

MedAbiliti Software Inc. specializes in HIPAA compliance auditing and training. MedAbiliti focuses solely on the medical field and has extensive experience with computer security.

"At MedAbiliti," says MedAbiliti CEO Nicolas Richards, "we understand security techniques, and we know the medical markets. Our HIPAA expertise has allowed us to help bring clients into compliance with government security regulations in ways that also help to protect their data from computer intruders and virus creators. Frankly, these days, you don't have to be in the medical field to want and need that kind of protection, but if you are in the medical field, it's truly an urgent matter that needs addressing now."

The fundamental goal of the HIPAA Security Rule is to cover all stored electronic data. Electronic transmissions include transactions using all media, even when the information is physically moved from one location to another using magnetic tape, disk, or other machine-readable media. Transmissions over the Internet, extranet, leased lines, dial-up lines, private networks, and portable devices such as laptops are included. The final security rule requires covered entities to periodically conduct an evaluation of their security safeguards to demonstrate and document their compliance with the entity's security policy and the requirements of HIPAA.

About MedAbiliti

MedAbiliti designs, develops, and deploys information solutions for the health care industry, including full HIPAA compliance consulting and training. MedAbiliti's approach to development is one that applies international quality assurance methods to application access, data analysis, and process efficiency. MedAbiliti's commitment to structured software methodology, software engineering practices, quality standards for data deployment/access, confidentiality and security of sensitive data, and commitment to customer-client management, position it as an emerging industry leader in medical software design and implementation. MedAbiliti news and company information can be found on Bloomberg under the ticker symbol: 202163Z EQUITY and on the Web at http://www.medabiliti.com.