Health Data Management (HDM) reported today, May 12, that the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is going to strengthen HIPAA Security Rule enforcement, based on statements made on Tuesday, May 11 by the OCR Deputy Director for Privacy, Susan McAndrew, at the Safeguarding Health Information conference in Washington, DC, co-sponsored by OCR and the National Institute of Standards and Technology (NIST). “To boost enforcement of the security rule, OCR has added investigators in 10 regional offices, McAndrew notes,” as reported by Joe Goedert in the HDM article, “OCR Boosting Security Enforcement,” which is available online. This report comes several days after…
Tag: National Institute of Standards and Technology
HHS Issues Interim Final Rule for HITECH ‘Breach Notification’
U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, has issued the Interim Final Rule for Breach Notification for Unsecured Protected Health Information. The Interim Final Rule was signed by Secretary Sebelius on August 6, 2009, filed at the Federal Register on Wednesday, August 19, 2009, and will be published on Monday, August 24, 2009, in the Federal Register. The effective date of the Interim Final Rule will be 30 days after publication, and will cover both covered entities and business associates of covered entities. Here is the Summary of the Interim Final Rule: “The Department of Health and Human Services (HHS) is issuing this interim final rule with…
Transmission Security: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the fifth and last Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has two implementation specifications: integrity controls; and encryption. Each is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. For compliance with…
Access Control: What This HIPAA Security Rule Technical Safeguard Standard Means
This is the first Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has four implementation specifications: unique user identification; emergency access procedure; automatic logoff; and encryption and decryption. The first two are required; the last two are addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment…
Red Flags Rules Compliance Countdown: Today
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers today, Friday, May 1, 2009. See this post for more information on how to prepare for today’s deadline.
Red Flags Rules Compliance Countdown: 1 day
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for tomorrow’s deadline.
Red Flags Rules Compliance Countdown: 2 days
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for Friday’s deadline.
Red Flags Rules Compliance Countdown: 3 days
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for Friday’s deadline.
FTC’s “Red Flags” Rule to Prevent Identity Theft Requires Compliance by Healthcare Providers on Friday, May 1, 2009
The Federal Trade Commission’s (FTC’s) “red flags” rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. HIPAA.com recommends that healthcare providers examine three documents, which we have available at HIPAA.com, to determine their responsibilities with respect to compliance with the red flag rules. These documents are: » Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, published in the Federal Register on November 9, 2007. The preamble of the Final Rule, which discusses the purpose, intent, and scope of coverage, appears on pages 63718-63733. Of particular importance…
Identity Theft Red Flags and Address Discrepancies
DEPARTMENT OF THE TREASURY 12 CFR Part 41, 222, 334, 364, 571 and 717 16 CFR Part 681 Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 AGENCY: Office of the Secretary, HHS. ACTION: Joint Final Rules and Guidelines.