Exploring HIPAA and HITECH Act Definitions: Part 7

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Word of the Day: Interoperability

Interoperability: The ability to exchange and use information (usually in a large heterogeneous network made up of several local area networks). Interoperable systems reflect the ability of software and hardware on multiple machines from multiple vendors to communicate.

Word of the Day: Site Visit

Site Visit: A scheduled three- to five-hour visit at a location determined by the vendor and host site that allows the practice purchasing the same software to see that software and interfaces in action. Most purchasers want to observe the new workflows, how well the interfaces work, and learn implementation tips.

Facility Access Controls: What This HIPAA Security Rule Physical Safeguard Standard Means

This is the first Physical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has four implementation specifications: contingency operations; facility security plan; access control and validation procedures; and maintenance records. Each of these implementation specifications is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA,…

READ MORE

Physical Safeguard Standards of the HIPAA Administrative Simplification Security Rule

There are four physical safeguard standards: facility access controls, workstation use, workstation security, and device and media controls. Each standard has implementation specifications, which can be required or addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. Physical…

READ MORE