In our series on the HIPAA Administrative Simplification Security Rule, Device and Medial Controls is the fourth and last Physical Safeguard Standard. Media Re-use is the second of four implementation specifications, and it is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity must implement procedures for removal of electronic protected health information from electronic media before the…
Tag: Security Rule
Physical Safeguard Standard, Device and Media Controls: Disposal Implementation Specification-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, Device and Medial Controls is the fourth and last Physical Safeguard Standard. Disposal is the first of four implementation specifications, and it is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity must implement policies and procedures to address the final disposition of electronic protected health information and…
Device and Media Controls: What This HIPAA Security Rule Physical Safeguard Standard Means
This is the fourth and last Physical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has four implementation specifications: disposal, media re-use, accountability, and data backup and storage. The first two are required; the last two are addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act…
Physical Safeguard Standard, Workstation Security-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the third Physical Safeguard Standard, Workstation Security. The implementation specification for this standard is defined by the standard title, and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity must implement physical safeguards for all workstations that access electronic protected health information to restrict access…
Physical Safeguard Standard, Workstation Use-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, Workstation Use is the second Physical Safeguard Standard. There is no defined implementation specification for this standard. Implementation of policies and procedures pertaining to this standard are required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What is Required A covered entity must implement policies and procedures that specify the proper functions to be…
Red Flags Rules Compliance Countdown: Today
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers today, Friday, May 1, 2009. See this post for more information on how to prepare for today’s deadline.
Red Flags Rules Compliance Countdown: 1 day
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for tomorrow’s deadline.
Facility Access Controls: Maintenance Records-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…
Red Flags Rules Compliance Countdown: 2 days
The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for Friday’s deadline.
Facility Access Controls: Access Control and Validation Procedures-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…