Mervinskiy 533

Page 97

NIST SP 800-66r2 ipd INITIAL PUBLIC DRAFT

1416 1417 1418

IMPLEMENTING THE HIPAA SECURITY RULE: A CYBERSECURITY RESOURCE GUIDE

Glossary This appendix provides definitions for those terms used within this document that are defined principally in the HIPAA Security Rule. addressable [Sec. Rule, §164.306(d)(3)]

To meet the addressable implementation specifications, a covered entity or business associate must (i) assess whether each implementation specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the electronic protected health information; and (ii) as applicable to the covered entity or business associate - (A) Implement the implementation specification if reasonable and appropriate; or (B) if implementing the implementation specification is not reasonable and appropriate—(1) document why it would not be reasonable and appropriate to implement the implementation specification; and (2) implement an equivalent alternative measure if reasonable and appropriate.

administrative safeguards [Sec. Rule, §164.304]

Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s or business associate’s workforce in relation to the protection of that information.

affiliated covered entities [Sec. Rule, §164.105(b)]

Legally separate covered entities that are affiliated may designate themselves as a single covered entity for the purposes of this part.

authentication [Sec. Rule, §164.304]

The corroboration that a person is the one claimed.

availability [Sec. Rule, §164.304]

The property that data or information is accessible and usable upon demand by an authorized person.

business associate [Sec. Rule, §160.103]

(1) Except as provided in paragraph (4) of this definition, “business associate” means, with respect to a covered entity, a person who: (i) On behalf of such covered entity or of an organized healthcare arrangement (as defined in this section) in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, creates, receives, maintains, or transmits protected health information for a function or activity regulated by this subchapter, including claims processing or

84

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

HIPAA Security Rule Resources (Informative

29min
pages 141-176

5.3.5 Transmission Security (§ 164.312(e)(1

2min
pages 78-79

5.5.2 Documentation (§ 164.316(b

2min
pages 84-85

Glossary

10min
pages 97-104

Table 10 - Representative Examples – Non-Adversarial Threat Events

2min
pages 115-116

5.4 Organizational Requirements

8min
pages 80-83

Table 9 - Representative Examples – Adversarial Threat Events

14min
pages 107-114

5.3.3 Integrity (§ 164.312(c

3min
pages 74-75

Table 3 – Assessment Scale for Overall Likelihood

2min
page 27

5.3.2 Audit Controls (§ 164.312(b

3min
pages 72-73

Table 5 - Examples of Adverse Impacts

3min
pages 29-30

Table 2 – Common Threat Sources

2min
page 26

5.2.2 Workstation Use (§ 164.310(b

2min
pages 64-65

Table 4. Security Objectives and Impacts

2min
page 28

5.2.4 Device and Media Controls (§ 164.310(d

3min
pages 67-68

5.2.3 Workstation Security (§ 164.310(c

2min
page 66
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.