Complying with HIPAA Security Rule
What is HIPAA?
• HIPAA: Health Insurance Portability and Accountability Act
• It was passed by Congress in 1996
• It includes requirements for:
– Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs
– Reducing healthcare fraud and waste
– The protection and confidential handling of protected health information
HIPAA Security Rule
• Establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity.
• Requires appropriate safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
• Safeguards include:
– Administrative
– Physical
– Technical
Administrative Safeguards
The HIPAA Security Rule requires covered entities to implement the following administrative safeguards:
• Security Management Process
• Security Personnel
• Information Access Management
• Workforce Training
• Evaluation
Physical Safeguards
The Security Rule requires covered entities to implement physical safeguards such as:
• Facility Access and Control
– Access can be restricted through use of access cards, biometric scanners, keys, pass codes and so on
• Workstation and Device Security
– Develop and implement policies for workstation and device security
– Implement unique passwords/user IDs for each user
– Proper user logs and records should be maintained
Technical Safeguards
The Security Rule requires a covered entity to implement technical safeguards such as:
• Access Controls
• Audit Controls
• Integrity Controls
• Transmission Security
Want to learn more about HIPAA, the HIPAA Privacy and Security Rules, their requirements and best practices to comply with them? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• How to examine security policies, practices, and risk issues to comply with HIPAA
• How to use social media and texting without breaking HIPAA rules
• How to conduct risk analysis to comply with HIPAA
• HIPAA/HITECH Assessment for Healthcare Business Associates
• How to comply with the HIPAA Omnibus Rule
• Understanding new rules and responsibilities of the Privacy Officer under HIPAA
• HIPAA Security and Breach Rule Compliance