• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact

Physical Safeguard Standards of the HIPAA Administrative Simplification Security Rule

April 22, 2009 HIPAA Law No Comments

There are four physical safeguard standards: facility access controls, workstation use, workstation security, and device and media controls. Each standard has implementation specifications, which can be required or addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009.

Physical safeguard standards pertain to a covered entities physical location (facility), who has access to the facility and when, how hardware and software systems are protected and used in the facility, how electronic protected health information is safeguarded on hardware in the facility, how records of electronic protected health information are properly disposed of, and how media containing such records are used and reused after disposal of records of electronic protected health information.

We cover the four physical safeguard standards and their 10 implementation specifications in 12 postings.

Tags: 20102019addressableAmerican Recovery and Reinvestment ActARRAbusiness associatecovered entitydevice and media controlsdisposalelectronic protected health informationfacilityfacility access controlsFebruary 17hardwareHIPAA Administrative SimplificationHITECH Actphysical locationphysical safeguard standardsPresident Obamareasonable and appropriaterequiredSecurity Rulesoftwareworkstation securityworkstation use
No Comments
Share
0

You also might be interested in

OCR Reports 107 Breaches Affecting Over 4 Million Individuals (II)

Jul 9, 2010

The Office for Civil Rights (OCR) regularly updates its Web[...]

Information Access Management: Access Establishment and Modification-What to Do and How to Do It

Feb 27, 2009

In our series on the HIPAA Administrative Simplification Security Rule,[...]

HIPAA Final Rule: Breach Notification Guidance Safe Harbor

Jan 30, 2013

January 30, 2013.  Today, we look at the definition of[...]

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next