Simple Understanding of the HIPAA Security Rule
The HIPAA Security Rule is one of five important rules formulated in Title II of the Health Insurance Portability and Accountability Act, or HIPAA, for administrative simplification.
Essence of Security Rule
This rule is applicable to all covered entities that hold Protected Health Information (PHI) in electronic form.
There are three main categories of safeguards that are required for compliance with this rule. They are administrative safeguards, physical safeguards and technical safeguards.
For each of these categories, security standards are identified, and each standard has a 'required' component and an 'addressable' component of implementation specification.
While the 'required' component of the standard is needed for compliance, the 'addressable' component of the standard is to be determined by the covered entities and is flexible.
Administrative Safeguards
These are the clearly defined policies and procedures that direct the way a covered entity will comply with the act. The important aspects addressed here are:
1. Ongoing training on PHI and HIPAA for the staff.
2. Recruitment of a designated Privacy Officer.
3. Documented administrative procedures to access, share, authorize, modify, document, discuss or terminate information related to PHI.
4. Outsourced business processes must follow the same standards as the outsourcing entity.
5. Internal and external audits for HIPAA compliance.
6. Contingency plans in case of emergencies or a security breach.
Physical Safeguards
These are the policies and procedures aimed at controlling access to records of PHI to avoid inappropriate access and misuse. The focus here is on the physical form of records and on storage components such as computer systems and hard drives.
The important points addressed here are:
1. Electronic hardware containing PHI must be protected.
2. Access to such hardware or computer systems must be controlled.
3. A facility security plan, escorts and visitor sign-in systems must be put in place.
webinars@globalcompliancepanel.com
http://www.globalcompliancepanel.com
Phone: 800-447-9407
Fax: 302-288-6884