Person or Entity Authentication: What This HIPAA Security Rule Technical Safeguard Standard Means

July 8, 2009 · HIPAA Law

This is the fourth Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule.  There is not a separately described implementation specification.  Rather, this standard’s implementation specification is connoted in the language of the standard and is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009.

For compliance with this Technical Safeguard Standard, a covered entity is required to implement procedures to verify that a person or entity seeking access to electronic protected health information is the person or entity claimed.

This standard means that a covered entity’s Security Official must establish policies and procedures that require a workforce member or business associate, such as the covered entity’s software or hardware vendor, to verify who or what entity seeks access to electronic protected health information. This standard requires more than just password management, and includes maintaining audit trails so that the covered entity can authenticate who or what entity is creating, reading, altering, destroying, or transmitting electronic protected health information. Procedures for authentication control will be through features associated with the covered entity’s electronic information systems, and may be part of a software application, operating system, database, or a combination thereof. The Security Official should consult with the covered entity’s hardware and software vendors about authentication for its electronic media. A covered entity should consider threats and vulnerabilities regarding authentication as part of its risk analysis.
