HIPAA Final Rule: Security Standards, General Rules & Administrative Safeguard Modifications

February 5, 2013.  Today, we cover the modifications to Security Standards:  General Rules, and Administrative Safeguards in the HIPAA Security Rule, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Security Standards:  General Rules.  The five General Rules govern how the administrative, physical,…

READ MORE

Security Incident Procedures Response and Reporting: What to Do and How to Do It

This is the sixth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. This is its one implementation specification, Response and Reporting, which is required for compliance. As we have noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (“ARRA”) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do This standard requires that the covered entity implement response and reporting policies to address security incidents. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system…

READ MORE

Security Incident Procedures: What This HIPAA Security Rule Administrative Safeguard Standard Means

This is the sixth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification:  Response and Reporting, which is required for compliance. As we have noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (“ARRA”) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. This safeguard standard and its implementation specification require covered entities to establish policies and procedures to respond to security incidents and to report them. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information…

READ MORE