Security Incident Procedures: What This HIPAA Security Rule Administrative Safeguard Standard Means

March 2, 2009 | HIPAA Law

This is the sixth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification: Response and Reporting, which is required for compliance. As we have noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (“ARRA”) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010.

This safeguard standard and its implementation specification require covered entities to establish policies and procedures to respond to security incidents and to report them. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system” [68 Federal Register 8376]. This definition is comprehensive, covering a wide variety of risks to information and systems that a covered entity may encounter. The definition also highlights the imperative for covered entities to consider, in their risk analyses, the potential vulnerabilities and threats that could affect vulnerable information and system points if no action is taken to mitigate those risks.

On Tuesday, March 3, HIPAA.com will post a discussion of the Response and Reporting implementation specification for the Security Incident Procedures Safeguard Standard, and will include sample Security Incident Report and Security Incident Log formats.
