Wednesday, June 6, 2012

6 Safeguards Mandated By the HIPAA Security Rule

In 1996, the United States Congress enacted the Health Insurance Portability and Accountability Act (HIPAA). It is a federal law that, among other things, aims to ensure the privacy and security of patients' confidential health information. Almost the entire health care industry falls under the HIPAA regulations. Besides health care organizations, HIPAA also applies to doctors, nurses and other health professionals, health insurance companies and government health care programs, and health care clearinghouses that process patient health information.

There are two main rules under HIPAA, the Privacy Rule and the Security Rule. The HIPAA Security Rule contains standards that seek to safeguard all electronic protected health information (ePHI) that covered entities create, receive, maintain or transmit. The Security Rule groups its standards into three categories of safeguards, namely administrative, physical and technical safeguards, that covered entities such as health care providers and health plans must adhere to. Their purpose is to keep ePHI confidential, intact and available.

Within the physical and technical safeguards there are six standards that the HIPAA Security Rule requires.

• Access Control: Patient information is accessed by many people working in health care organizations and insurance companies. The Security Rule requires technical policies and procedures that control this access, so that confidential medical records remain secure and are available only to persons and software programs that have been granted access rights.

• Audit Controls: Systems that contain or use ePHI must have hardware, software or procedural mechanisms that record and examine activity involving that information. The covered entity must also have policies and procedures in place for reviewing what those mechanisms record.

• Integrity Controls: Policies, procedures and electronic measures must be in place to protect ePHI from improper alteration or destruction. Covered entities need a mechanism to corroborate that ePHI has not been altered or destroyed in an unauthorized manner, so that tampering is detected rather than going unnoticed.

• Transmission Security: In a health care organization, health information will inevitably be transferred electronically. Information in transit over a network can be intercepted or modified by unauthorized parties. The HIPAA Security Rule therefore mandates technical security measures that guard against unauthorized access to ePHI while it is being transmitted, including integrity controls and, where reasonable and appropriate, encryption.

• Facility Access Controls: Electronic and technical measures are not enough on their own; the HIPAA Security Rule also makes it compulsory to maintain physical safeguards that limit physical access to the facilities and systems holding ePHI, while ensuring that properly authorized access is still allowed.

• Workstation and Device Security: Covered entities must have policies and procedures that specify the proper use of, and physical safeguards for, the workstations and electronic devices that access or store ePHI. They must also document procedures governing the receipt and removal of hardware and electronic media containing ePHI, covering disposal, re-use of media, accountability for media movement, and data backup before equipment is moved. The Security Rule requires all of this from covered entities to make sure that patient information is protected and secure.
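The Audit Controls and Integrity Controls standards above describe requirements, not an implementation. As an added illustration that is not part of the original article, the following Python code shows one way both can be met together: an audit log whose entries are chained to each other with a keyed hash (HMAC-SHA256), so that any alteration or deletion of a recorded event is detected on verification. The key, field names and sample events are assumptions made for the example and are not drawn from the HIPAA text.

```python
import hashlib
import hmac
import json

# Hypothetical key for the example only. In a real deployment the key lives in a
# key management service or HSM and is never hard-coded in source.
AUDIT_KEY = b"example-audit-key-not-for-production"

# Chain anchor for the first event: 64 hex zeros, the same width as a SHA-256 tag.
GENESIS_TAG = "0" * 64


def _canonical(record: dict) -> bytes:
    """Deterministic serialization so the same record always produces the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_event(log: list, actor: str, action: str, patient_id: str, when: str) -> dict:
    """Append an audit event whose tag covers its own fields and the previous event's tag."""
    prev_tag = log[-1]["tag"] if log else GENESIS_TAG
    event = {
        "seq": len(log),
        "time": when,
        "actor": actor,
        "action": action,
        "patient_id": patient_id,
        "prev": prev_tag,
    }
    event["tag"] = hmac.new(AUDIT_KEY, _canonical(event), hashlib.sha256).hexdigest()
    log.append(event)
    return event


def verify_log(log: list) -> tuple:
    """Walk the chain; return (True, -1) if intact, else (False, index of first bad event)."""
    prev_tag = GENESIS_TAG
    for i, event in enumerate(log):
        body = {k: v for k, v in event.items() if k != "tag"}
        # Sequence numbers and the prev link catch deleted or reordered events.
        if body.get("seq") != i or body.get("prev") != prev_tag:
            return (False, i)
        expected = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison catches any edited field in the event.
        if not hmac.compare_digest(expected, event.get("tag", "")):
            return (False, i)
        prev_tag = event["tag"]
    return (True, -1)


def build_sample_log() -> list:
    """Constructed sample events (fictitious actors and patient IDs)."""
    log = []
    append_event(log, "nurse.j.doe", "VIEW", "P-1001", "2012-06-06T09:00:00Z")
    append_event(log, "dr.a.smith", "UPDATE", "P-1001", "2012-06-06T09:05:00Z")
    append_event(log, "billing.k.lee", "VIEW", "P-2002", "2012-06-06T09:10:00Z")
    return log


def tamper_example() -> tuple:
    """Someone rewrites who performed the second action; the tag no longer matches."""
    log = build_sample_log()
    log[1]["actor"] = "someone.else"
    return verify_log(log)


def delete_example() -> tuple:
    """Someone removes the second event; the sequence and prev link break at index 1."""
    log = build_sample_log()
    del log[1]
    return verify_log(log)


if __name__ == "__main__":
    print("intact log:", verify_log(build_sample_log()))
    print("edited event:", tamper_example())
    print("deleted event:", delete_example())
```

Two caveats a practitioner should note. Truncating the log from the end (dropping the newest events) still verifies, because nothing after the last surviving event vouches for what followed; the usual fix is to periodically publish the latest tag to a separate system, or to a second party, and compare against it. And the scheme only detects tampering after the fact; it must be paired with the access controls and physical safeguards in the other standards to prevent it in the first place.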

The standards explained above mainly aim to ensure the confidentiality, integrity and availability of sensitive patient information. Meeting them is also what keeps a covered entity clear of enforcement action by the government.
