February 5, 2013. Today, we cover the modifications to Security Standards: General Rules, and Administrative Safeguards in the HIPAA Security Rule, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Security Standards: General Rules. The five General Rules govern how the administrative, physical,…
Tag: addressable
CMS and ONC Publish Final Rules for Meaningful Use Stage 2 Security in Federal Register
September 4, 2012. The Department of Health and Human Services (HHS) entities: Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC), published their Final Rules for Meaningful Use Stage 2 in today’s Federal Register. This posting focuses on the preamble relating to the following Stage 2 security objective in the CMS Final Rule entitled Medicare and Medicaid Programs; Electronic Health Record Incentive Program: “Protect electronic health information created or maintained by the Certified EHR Technology [CEHRT] through the implementation of appropriate technical capabilities.” Reference numbers in brackets refer to the page number(s) in the September 4, 2012, Federal Register. Associated with this objective…
Transmission Security Integrity Controls: What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Technical Safeguard Standard, Transmission Security. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do: Implement…
Transmission Security: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the fifth and last Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has two implementation specifications: integrity controls; and encryption. Each is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. For compliance with…
Integrity: Mechanism to Authenticate Electronic Protected Health Information - What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the implementation specification for the third Technical Safeguard Standard, Integrity. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do: Implement electronic…
Integrity: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the third Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification: mechanism to authenticate electronic protected health information. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009….
Access Control: Encryption and Decryption - What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do: Implement…
Access Control: Automatic Logoff - What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do: Implement…
Access Control: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the first Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has four implementation specifications: unique user identification; emergency access procedure; automatic logoff; and encryption and decryption. The first two are required; the last two are addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment…
Technical Safeguard Standards of the HIPAA Administrative Simplification Security Rule
There are five technical safeguard standards: access control, audit controls, integrity, person or entity authentication, and transmission security. Each standard has implementation specifications, which can be required or addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. Technical…