• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact

Transmission Security Integrity Controls: What to Do and How to Do It

July 13, 2009 HIPAA Law No Comments

In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Technical Safeguard Standard, Transmission Security.  This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009.

What to Do

Implement security measures to ensure that electronically transmitted protected health information is not improperly modified without detection until disposed of.

How to Do It

A covered entity must ensure data integrity.  Integrity is “the property that data or information have not been altered or destroyed in an unauthorized manner.” As a covered entity, you ensure that electronic protected health information is not altered without appropriate knowledge and approval of your Security Official.  To do this, you need to assign appropriate authentication credentials to workforce members and business associates and make sure that all entries by an authenticated user are tracked appropriately through audit trails.  The Security Official should be responsible for periodically examining the audit trails to ensure integrity, and for applying appropriate sanctions if changes to electronic protected health information are made without authorization.  During review and update of the covered entity’s risk analysis, the Security Official should report on the success of the integrity controls, based on an empirical review of the audit trails and any incidence of unauthorized modification of electronic protected health information.

Tags: 20092010addressableAmerican Recovery and Reinvestment Actappropriate sanctionsARRAaudit trailsauthenticated userauthentication credentialsbusiness associatecovered entitydata integrityelectronic protected health informationelectronically transmitted protected health informationFebruary 17HIPAA Administrative SimplificationHIPAA Security RuleHITECH Actimplementation specificationintegrityintegrity controlsPresident ObamaRisk AnalysisSecurity OfficialTechnical Safeguard Standardtransmission controlunauthorized mannerunauthorized modificationworkforce members
No Comments
Share
0

You also might be interested in

Openness and Transparency Key Privacy/Security Principle of Meaningful Use 2011 Objectives

Jun 29, 2009

On December 15, 2008, the Office of the National Coordinator[...]

HIPAA Final Rule: Notice of Privacy Practices for Protected Health Information: Content of Notice (1)

Mar 22, 2013

March 22, 2013.  Today, we continue going through the HIPAA[...]

Safeguards Key Privacy/Security Principle of Meaningful Use 2011 Objectives

Jul 3, 2009

On December 15, 2008, the Office of the National Coordinator[...]

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next