Access Control: Automatic Logoff-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

READ MORE

Physical Safeguard Standard, Device and Media Controls: Medi Re-use Implementation Specification-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, Device and Medial Controls is the fourth and last Physical Safeguard Standard.  Media Re-use is the second of four implementation specifications, and it is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity must implement procedures for removal of electronic protected health information from electronic media before the…

READ MORE

Physical Safeguard Standard, Device and Media Controls: Disposal Implementation Specification-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, Device and Medial Controls is the fourth and last Physical Safeguard Standard.  Disposal is the first of four implementation specifications, and it is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity must implement policies and procedures to address the final disposition of electronic protected health information and…

READ MORE