In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Administrative Safeguard Standard (Information Access Management). This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. Further, as we have noted in a posting last week, with enactment of the American Recovery and Reinvestment Act of 2009 on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do Implement policies and procedures that, based upon the covered entity’s…
Tag: Right of Access
The HIPAA Privacy Rule’s Right of Access and Health Information Technology
U.S. Department of Health and Human Services, Office for Civil Rights Download (Requires Acrobat Reader)