• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact

Integrity: What This HIPAA Security Rule Technical Safeguard Standard Means

June 11, 2009 Security No Comments

This is the third Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification:  mechanism to authenticate electronic protected health information. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009.

For compliance with this Technical Safeguard Standard, a covered entity is required to implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Integrity means that a covered entity’s data are dependable and accurate. It also means that the authorized user can have access to the right information at the appropriate time, and that the data are not altered or destroyed in any manner. Inaccurate electronic protected health information could result in harm or even potential death of a patient. In addition, the risk of such information could adversely impair the business viability of one or more covered entities. It is for these reasons that integrity is one of the foundational concepts underpinning HIPAA Administrative Simplification, along with availability and confidentiality.

The Technical Safeguard Standards of access control and audit control can help in maintaining confidentiality of electronic protected health information, but data comprising such information can become inaccurate or corrupt from several sources, including data entry errors, hacking or tampering, mechanical errors in storage devices, transmission error, and inadequate data capture from poorly integrated or interfaced electronic information systems. Also, corruption of data can be due to software or programming bugs, computer viruses, or human error. A covered entity must ensure that its electronic protected health information, as well as other critical electronic business information, has not been altered or destroyed without its knowledge and approval.

Tags: 20092010access controladdressableAmerican Recovery and Reinvestment ActARRAaudit controlavailabilitybusiness associatecomputer virusconfidentialitycorruption of datacovered entitydata entry errorelectronic information systemselectronic protected health informationFebruary 17hackingHIPAA Administrative SimplificationHIPAA Security RuleHITECH Acthuman errorimplementation specificationintegratedintegrityinterfacedmechanical errormechanism to authenticate electronic protected health informationPresident Obamaprogramming bugstorage devicetamperingTechnical Safeguard Standardtransmission error
No Comments
Share
0

You also might be interested in

Physical Safeguard Standard, Workstation Security-What to Do and How to Do It

May 14, 2009

In our series on the HIPAA Administrative Simplification Security Rule,[...]

HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)

Feb 8, 2013

February 8, 2013.  Today, we examine (1) and (2)—the first[...]

Facility Access Controls: Facility Security Plan-What to Do and How to Do It

Apr 27, 2009

In our series on the HIPAA Administrative Simplification Security Rule,[...]

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next