Here Comes HIPAA Security

So you just finished your Privacy Rule compliance effort and are finalizing your Electronic Transaction and Code Set testing and now you hear rumors about the HIPAA Security Rule being finalized. Is it true? Yes. The Security Rule was finalized and published on February 20, and if you are a covered entity, you will have to comply with it. The good news is that the compliance date for the Security Rule is not until February 21, 2005. So as an O&P organization, why worry about the Security Rule now? What are the basics that your organization has to do in order to meet this rule? And just what is being secured? Over the next several months, I will provide you with facts, requirements and the steps to help you with your HIPAA Security compliance efforts. By starting your Security compliance efforts now, you can plan appropriately for the resources, training, and budget that will be needed to meet the Security requirements. So grab a folder, label it "Security," and file away a copy of The O&P EDGE every month. Do You Have To Comply? This is a simple determination. If you were required to comply with the Privacy Rule or Electronic Transactions and Code Sets Rule, you are a covered entity and will have to comply with the Security Rule also. What Will Be Protected by the Security Rule? Protected Health Information (PHI) that is transmitted or maintained electronically. Electronic media includes electronic storage media such as memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as a magnetic tape or disk, optical disk or a digital memory card. It also includes transmission media used to exchange information such as the Internet, an extranet, leased lines, dial-up lines, private networks and the physical movement of the removable/transportable electronic storage media. Electronic media does not include paper, fax, and voice via telephone. General Requirements An O&P organization that is a covered entity must do the following: Ensure the confidentiality, integrity, and availability of all electronic protected health information that the covered entity creates, receives, maintains, or transmits; Protect against any reasonably anticipated threats or hazards to the security or integrity of such information; Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Security Rule; and Ensure compliance of the Security Rule by its workforce. Required and Addressable Requirements The Department of Health and Human Services (DHHS) allows the covered entity to be flexible in its approach to reasonably and appropriately put into effect the standards and implementation specifications. DHHS provides the flexibility by stating whether a Security Rule is "required" or "addressable." Required Specifications If the specification is "required," the covered entity must implement the specification as stated in the Security Rule. Addressable Specifications If the specification is "addressable," then the covered entity must: 1. Assess whether the specification is a reasonable and appropriate safeguard in its environment and is likely to contribute to protecting the entity's electronic protected health information, and 2. Implement the specification or document why it would not be reasonable and appropriate. Implement an equivalent alternative measure if reasonable and appropriate. Next Article In our next article we will look into the Security Rule and its "required" and "addressable" implementation specifications. While all information is believed to be correct at the time of writing, this article is informational only and does not constitute the rendering of legal, financial, or other professional advice or recommendations by Provaliant or individual members. If you require legal advice, you should consult with an attorney. Jay Masci is the principal consultant of Provaliant, a company providing IT consulting services including HIPAA compliance and customized training. Visit www.provaliant.com or contact Provaliant at 480.952.0656.

Here Comes HIPAA Security

Ossur Launches Affiliated Facilities Program

Hanger Sees 1st Quarter Increase

Hanger Sees 1st Quarter Increase

RECENT NEWS

Get unlimited access!

O&P JOBS

Certified Orthotist & Orthotic Technician

Prosthetic/Orthotic Technician – Boise, ID

Certified Orthotist

Are you sure want to unlock this post?

Are you sure want to cancel subscription?

The most important industry news and events delivered directly to your inbox every week.

Welcome Back!

Retrieve your password

Are you sure want to unlock this post?

Are you sure want to cancel subscription?

Here Comes HIPAA Security

Support authors and subscribe to content

Subscribe

Related posts:

Ossur Launches Affiliated Facilities Program

Hanger Sees 1st Quarter Increase

Hanger Sees 1st Quarter Increase

RECENT NEWS

Get unlimited access!

O&P JOBS

Certified Orthotist & Orthotic Technician

Prosthetic/Orthotic Technician – Boise, ID

Certified Orthotist

Login to your account

Reset Password

Signup to your Account

Are you sure want to unlock this post?

Are you sure want to cancel subscription?

Account Activation

The most important industry news and events delivered directly to your inbox every week.

Welcome Back!

Retrieve your password

Login to your account

Reset Password

Signup to your Account

Are you sure want to unlock this post?

Are you sure want to cancel subscription?

Account Activation