Transmission Security: What This HIPAA Security Rule Technical Safeguard Standard Means

July 10, 2009 · HIPAA Law

This is the fifth and last Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has two implementation specifications: integrity controls; and encryption. Each is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009.

For compliance with this Technical Safeguard Standard, a covered entity is required to implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

In simplest terms, a covered entity must safeguard its electronic networks to ensure the availability and integrity of its electronic protected health information. How the covered entity implements this safeguard is an outcome of the covered entity’s risk analysis. A covered entity with only a local network and no connectivity to any entity outside of the covered entity will have a different solution than a covered entity with connectivity to outside entities. With new federal regulations and incentives focused on increasing interoperability among healthcare stakeholders, it will become more and more important for covered entities to protect their networks. A covered entity should explore options for safeguarding its electronic media by discussing safeguards with its business associate hardware and software vendors. With open networks, such as the Internet, it is especially important to harden existing systems with up-to-date security software applications, firewalls, and intrusion detection systems. In earlier postings on data back-up on HIPAA.com, we have discussed the importance of ensuring that the integrity of electronic protected health information is not impaired by changes or alterations to electronic media.

We recommend that you consult the National Institute of Standards and Technology (NIST) Information Security Special Publication 800-63: Electronic Authentication Guideline (Version 1.0.2), April 2006, which is available online from NIST. This “document provides technical guidance to Federal agencies implementing electronic authentication. The recommendation covers remote authentication of users over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, authentication protocols and related assertions…. [This guideline] may also be used by nongovernmental organizations on a voluntary basis and is not subject to copyright (Attribution would be appreciated by NIST.)” [Pp. iii-iv]
