Audit Control: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second Technical Safeguard Standard. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement hardware, software, and/or procedural mechanisms…

READ MORE

Access Control: Automatic Logoff-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

READ MORE

Access Control: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the first Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has four implementation specifications:  unique user identification; emergency access procedure; automatic logoff; and encryption and decryption. The first two are required; the last two are addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment…

READ MORE

Physical Safeguard Standard, Workstation Use-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, Workstation Use is the second Physical Safeguard Standard.  There is no defined implementation specification for this standard.  Implementation of policies and procedures pertaining to this standard are required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What is Required A covered entity must implement policies and procedures that specify the proper functions to be…

READ MORE