HIPAA Security: Implementing Technical Safeguards Essay




HIPAA Security: Implementing Technical Safeguards
August 3, 2014
MIS 565 Healthcare Security, Privacy & Compliance

Abstract
Introduction
HIPAA Security Rule
Technical Safeguards
A. Access Control
B. Audit Control
C. Integrity
D. Transmission Security
E. ...

The rule identifies required and addressable implementation specifications. It is obvious what required means; however, the addressable specifications provide covered entities and business associates with the option of choosing how they will meet the standard mentioned in the Security Rule.
The Security Rule also mentions safeguards that should be implemented to protect the ePHI. These safeguards include administrative, technical and physical; however, for the purpose of this paper, technical safeguards will be the only ones examined. Each measure of this particular safeguard will be highlighted so that readers can have better insight into how each measure plays a role in the security and protection of ePHI.

INTRODUCTION
The HIPAA Privacy Rule and the HIPAA Security Rule have both been implemented to protect health information; however, there is one factor that differentiates the two. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) has been established for protecting only electronic protected health information (ePHI). Electronic protected health information refers to any protected health information that is covered under HIPAA security regulations and is produced, saved, transferred or received in an electronic form (Rouse, 2012). ePHI is considered just as important as any other protected health information, so Covered Entities (CEs) and Business Associates (BAs) need to ensure that they remain in compliance with the Security Rule. In order for this to occur, CEs and BAs are required to maintain reasonable and appropriate administrative, technical and physical safeguards for protecting ePHI.
In this paper, I will provide brief insight into the history behind the implementation of the Security Rule. Also, while all three of the safeguards mentioned in the previous paragraph are equally important when it comes to securing ePHI, this paper will focus solely on technical safeguards and why they are so critical in securing electronic protected health information. The Security Rule defines technical safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it” (Security Standards, 2007). The five technical safeguards that I will examine in depth are: access control, audit controls, integrity, person or entity authentication, and transmission security.

HIPAA SECURITY RULE
In 2003, the U.S. Department of Health and Human Services (HHS) was mandated to establish regulations that would preserve the integrity, confidentiality and availability of ePHI. This set of regulations is known as the HIPAA Security Rule. This rule was implemented at a time when the health care industry began to transition from paper processing to relying more on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other...
