Cognos and HIPAA

The healthcare industry is experiencing sweeping changes. At the heart of the matter is the necessity to improve healthcare delivery through standardizing electronic data interchange, while at the same time, protecting the confidentiality and security of health information.

In response, the U.S. Government introduced the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The "Administrative Simplification" aspect of HIPAA requires the United States Department of Health and Human Services (DHHS) to develop standards and requirements for the maintenance and transmission of sensitive health information. As a result, the regulations promulgated by DHHS are far-reaching.

"All healthcare organizations that maintain or transmit electronic health information must comply."

Cognos believes that protecting the confidentiality and privacy of individually identifiable health information is of paramount importance and we fully support the regulations being mandated by DHHS.

Cognos will address the protection of personal health information via its software through a review process. This review process will consult the Security and Electronic Signature Standards of HIPAA as well as further guidance issued by the U.S. Department of Health and Human Services. It should be noted that the Security Standard is being jointly developed by the Centers for Medicare & Medicaid Services (CMS) and the Department of Commerce, but has not yet been finalized, while the Electronic Signature Standard is awaiting recommendation by the National Committee on Vital and Health Statistics (NCVHS).

In the absence of finalized requirements for the Security and Electronic Signature standards associated with HIPAA, Cognos will develop its definition of compliance based on the proposed standards and report on the compliance status of its software products as part of its review process. This information will be provided as it becomes available. Based on the assessment arising from the review process, Cognos will address the requirements in its ongoing product releases using a phased-in approach as Cognos (and its customers) gain a better understanding of how best to implement the requirements of HIPAA.

Cognos supplies software tools that its users and third party partners use to develop solutions aimed at analyzing business data. Customers should note that a HIPAA statement for a Cognos product does not mean that all developed business intelligence solutions or the data analyzed with those Cognos tools will be or become HIPAA compliant. It is the implementation of features that determines the compliance of a business intelligence solution. It is up to the user of Cognos software to develop a solution that adheres to the requirements mandated by the HIPAA legislation.