Safeguards Key Privacy/Security Principle of Meaningful Use 2011 Objectives

July 3, 2009 | Meaningful Use, Privacy

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11-page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation for the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of the proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009. The Framework and Meaningful Use documents are available here.

In this series of postings, we reproduce—one at a time—Level 1 and Level 2 descriptions of the eight principles. A Level 1 (L1) description is a “short title and concise statement,” and a Level 2 (L2) description is a “short explanation that further elaborates on the principle, what it is designed to do, and its parameters.”

The seventh of the eight principles is:

(L1) SAFEGUARDS. Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. [p. 9]

(L2) Trust in electronic exchange of individually identifiable health information can only be achieved if reasonable administrative, technical, and physical safeguards are in place to protect individually identifiable health information and minimize the risks of unauthorized or inappropriate access, use, or disclosure. These safeguards should be developed after a thorough assessment to determine any risks or vulnerabilities to individually identifiable health information. Persons and entities that participate in a network for the purpose of electronic exchange of individually identifiable health information should implement administrative, technical, and physical safeguards to protect information, including assuring that only authorized persons and entities and employees of such persons or entities have access to individually identifiable health information. Administrative, technical, and physical safeguards should be reasonable in scope and balanced with the need for access to individually identifiable health information.

Definitions of Safeguards Pertaining to This Principle

Administrative safeguards: Administrative actions, and policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic individually identifiable health information and to manage the conduct of the entity’s workforce in relation to the protection of that information. Administrative safeguards include policies and procedures, workforce training, risk management plans, and contingency plans.

Physical safeguards: Physical measures, policies and procedures to protect electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion. Physical safeguards include workstation security and use procedures, facility security plans, data backup and storage, and portable device and media controls.

Technical safeguards: The technology and the policies and procedures for its use that protect electronic individually identifiable health information and control access to it.
