Security Management Process: Risk Management-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second implementation specification for the Administrative Safeguard Standard (Security Management Process). This implementation specification is required.

What to Do

Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the general requirements of the security standard as outlined in 45 CFR 306(a). The general requirements are:

1. Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
3. Protect against any reasonably…


HIPAA Administrative Simplification: Modifications to Medical Data Code Set Standards to Adopt ICD-10-CM and ICD-10-PCS

Standards. The final rule adopts modifications to two code set standards in the Transactions and Code Sets final rule that required compliance by covered entities on or after October 16, 2003. The new final rule, published in the Federal Register on January 16, 2009, modifies standard medical data code sets for coding diagnoses (ICD-10-CM) and inpatient hospital procedures (ICD-10-PCS). ICD-10-CM means International Classification of Diseases, 10th Revision, Clinical Modification for diagnosis coding, including the Official ICD-10-CM Guidelines for Coding and Reporting, as maintained and distributed by the U.S. Department of Health and Human Services (HHS). ICD-10-PCS means International Classification of Diseases, 10th Revision, Procedure Coding System for inpatient hospital procedure…
