HIPAA security rules explained

By Bill Brenner, News Writer 15 Mar 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

HIPAA's security requirements affect companies that store and transmit protected health information electronically. This includes healthcare providers, insurers and clearinghouses.

Enterprises that serve clients in the healthcare industry -- laboratories, collection agencies and lawyers, for example -- must also implement protections to secure

There's no cookie-cutter approach for everyone. The standards don't specify any particular technology to adopt. They outline what must be done, not how to do it.

There's no cookie-cutter approach for everyone. The standards don't specify any particular technology to adopt. They outline what must be done, not how to do it.

Organizations trying to figure out how to apply the standards must take into account their size, complexity, capabilities, compliance costs and the potential risks to their electronically protected health information.

Generally speaking, HIPAA security requires that:

• Administrative safeguards be in place to manage the selection and execution of security measures.
• Physical safeguards be in place to protect electronic systems and related buildings and equipment from environmental hazards and unauthorized intrusion.
• Technical safeguards be in place, including an automated processes to protect data and control access to it.
• Risk assessments are conducted and that security policies and procedures are documented.
• Organizations have a device to screen traffic from the Internet such as a firewall.

Tthe HIPAA security rules are outlined by the Department of Health and Human Services. ,

Related stories from the series HIPAA rules force health insurers to secure sensitive data: IT security and compliance professionals said the massive patient privacy law is a bitter pill for some to swallow and the best prescription for others to follow. Got a health plan? Then your company's covered under HIPAA. The HIPAA data security rules must be observed by any enterprise that offers its employees a healthcare plan.

Covered entities with the exception of small health plans must comply with the security requirements by April 21. Small health plans -- those with fewer than 50 employees -- must comply by April 21, 2006.

Learn about HIPAA privacy and security by reading our series.

Note: This information was culled from various sources, including the Department of Health and Human Services, ArticSoft, HIPAAacademy.net and the Centers for Medicare & Medicaid Services (CMS).

Tags: HIPAA,  HIPAA,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT HIPAA Cost of security, IT management add up at healthcare facilities, study finds Healthcare security spending remains sluggish, report shows Creating a HIPAA employee training program FTC extends breach notification to Web-based health repositories Are there guidelines to create a HIPAA-compliant data center? HHS HIPAA guidance on encryption requirements and data destruction Writing a patient identifier policy to prevent common HIPAA violations HIPAA compliance: New regulations change the game HIPAA compliance manual: Training, audit and requirement checklist Key elements of a HIPAA compliance checklist HIPAA Research HIPAA Lake Forest Hospital's Rx for HIPAA compliance HIPAA security rules apply to firms with healthcare plans Security compliance -- Separating FUD from reality, part two: HIPAA The Practical Guide to HIPAA Privacy and Security Compliance Getting Started with HIPAA Security Compliance HIPAA - Points to consider

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary