Physical Safeguard Standard, Device and Media Controls: Accountability Implementation Specification-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, Device and Medial Controls is the fourth and last Physical Safeguard Standard.  Accountability is the third of four implementation specifications, and it is addressable.  Remember, addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama…

READ MORE

Device and Media Controls: What This HIPAA Security Rule Physical Safeguard Standard Means

This is the fourth and last Physical Safeguard Standard of the HIPAA Administrative Simplification Security Rule.  It has four implementation specifications:  disposal, media re-use, accountability, and data backup and storage.  The first two are required; the last two are addressable.  Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act…

READ MORE