Month: September 2009

Is Certification a Surrogate for HIPAA Privacy and Security Training?

Several visitors to HIPAA.com have asked if ‘certification’ can substitute for compliance with the HIPAA Privacy and Security training standards and new Privacy requirements under the HITECH Act. Generally, certification is a snapshot in a moment of time. The Merrim-Webster’s Collegiate Dictionary (11th ed.) defines certification as the act or state of “attest[ing] as being true or as represented or as meeting a standard.” Certification generally is done by an external source. Training is an ongoing internal process for safeguarding protected health information from unauthorized use or disclosure as business policies and procedures evolve and regulatory standards are initiated or modified. Further, training requires that workforce members, including management, demonstrate…

READ MORE

Three Key Properties of HIPAA Privacy and Security of Protected Health Information

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009.  Recently, HIPAA.com answered the question of particular interest to several readers:  what exactly is protected health information (PHI)?  In this posting, we answer the question:  what are the fundamental properties that underlie privacy and security of protected health information? Three Key Properties The three key properties that underpin privacy and security under the Health Insurance Portability and Accountability Act (HIPAA) are availability,…

READ MORE