HIPAA Security: Implementing Technical Safeguards
August 3, 2014
MIS 565 Healthcare Security, Privacy & Compliance
HIPAA Security Rule
Technical Safeguards
A. Access Control
B. Audit Control
D. Transmission Security
The rule identifies required and addressable implementation specifications. It is obvious what required means; however, the addressable specifications provide covered entities and business associates with the option of choosing how they will meet the standard mentioned in the Security Rule.
The Security Rule also mentions safeguards that should be implemented to protect the ePHI. These safeguards include administrative, technical and physical; however, for the purpose of this paper, only technical safeguards will be examined. Each measure of this particular safeguard will be highlighted so that readers can have better insight into how each measure plays a role in the security and protection of ePHI.
The HIPAA Privacy Rule and the HIPAA Security Rule have both been implemented to protect health information; however, there is one factor that differentiates the two. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) has been established for protecting only electronic protected health information (ePHI). Electronic protected health information refers to any protected health information that is covered under HIPAA security regulations and is produced, saved, transferred or received in an electronic form (Rouse, 2012). EPHI is considered just as important as any other protected health information, so Covered Entities (CEs) and Business Associates (BAs) need to ensure that they remain in compliance with the Security Rule. In order for this to occur, CEs and BAs are required to maintain reasonable and appropriate administrative, technical and physical safeguards for protecting ePHI.
In this paper, I will provide brief insight into the history behind the implementation of the Security Rule. Also, while all three of the safeguards mentioned in the previous paragraph are equally important when it comes to securing ePHI, this paper will solely focus on technical safeguards and why they are so critical in securing electronic protected health information. The Security Rule defines technical safeguards as "the technology and the policy and procedures for its use that protect electronic protected health information and control access to it" (Security Standards, 2007). The five technical safeguards that I will examine in depth are: access control, audit controls, integrity, person or authentication, and transmission security.
HIPAA SECURITY RULE
In 2003, the U.S. Department of Health and Human Services (HHS) was mandated to establish regulations that would preserve the integrity, confidentiality and availability of ePHI. This set of regulations is known as the HIPAA Security Rule. This rule was implemented at a time when the health care industry began to transition from paper processing to relying more on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other...