HIPAA Compliance

Information Access Management: What This HIPAA Security Rule Administrative Safeguard Standard Means

February 25, 2009 · HIPAA Law

This is the fourth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has three implementation specifications: Isolating Healthcare Clearinghouse Functions; Access Authorization; and Access Establishment and Modification. The first is required; the second and third are addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. Further, as we noted in a posting last week, with enactment of the American Recovery and Reinvestment Act of 2009 on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010.

The covered entity is required to implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of the HIPAA Administrative Simplification Privacy Rule. The Information Access Management Administrative Safeguard ensures that a covered entity has a management system in place to authorize workforce members to have access to electronic protected health information via a “workstation, transaction, program, process, or other mechanism.” [68 Federal Register 8377] The required Isolating Healthcare Clearinghouse Functions implementation specification may not have direct relevance to a covered entity, but may have indirect relevance if the covered entity uses a clearinghouse under a business associate agreement. The two other implementation specifications of the Information Access Management Administrative Safeguard—Access Authorization and Access Establishment and Modification—recognize that there are alternatives to complying with this standard based on the covered entity’s size and degree of automation.
