HIPAA Security Standards
March 20, 2003
====================================================================

The HIPAA security standards were published in the February 20 Federal Register, according to the Department of Health and Human Services (HHS). The regulations are designed to safeguard protected health information (PHI) that is maintained or transmitted in electronic form.

All HIPAA "covered entities" must comply with the rule. Covered entities are health plans, health care clearinghouses, and provider organizations that transmit patient information electronically in conjunction with at least one of several specified transactions.

The chain of trust agreement, a document that would require business partners to protect electronic PHI received from covered entities, was eliminated. Covered entities are required to accomplish this through business associate agreements, which are required under the privacy rule.

The electronic signature standard, a component of the proposed rule, was removed from the final version. HHS will publish it in a separate final rule, but did not say when.

Other highlights:

- All workforce members, including management, must receive security awareness training
- Organizations must conduct risk analyses to determine information security risks and vulnerabilities
- Organizations must establish policies and procedures that allow access to electronic PHI on a need-to-know basis
- Organizations must implement audit controls that record and examine who has logged into information systems that contain PHI
- Organizations must limit physical access to facilities that contain electronic PHI
- Organizations must establish and enforce sanctions against all workforce members who don't follow information security policies and procedures

=======================================================================

Join 1000's of behavioral healthcare professionals who have taken the ContinuedLearning online HIPAA training.

One of our customers states, "With the (April 14) deadline bearing down, the efficiency and speed of accomplishing this training online was more than we could have hoped for."

Organizations please call 1-888-249-1517 for a volume quote or demo. Individual practitioners can purchase the training at http://www.continuedlearning.com AND receive CEU credit! Contact ContinuedLearning at 1-888-249-1517, or email at info@continuedlearning.com.

=======================================================================

HIPAA Website Resources

- Center for Medicare and Medicaid Services
- NHIC Provider Workshops: www.eds-nhic.com/provenrl/mcwork.htm
- NHIC Provider Relations Training Specialist: www.eds-nhic.com/provenrl/imagemap.html
- HIPAA Frequently Asked Questions (FAQs)
- Approved HIPAA Implementation Guides and Current Listing of the Reason and Remark Codes: www.wpc-edi.com/hipaa/HIPAA_40.asp
- Health and Human Services Commission: www.hhsc.state.tx.us/NDIS/NDISTaskForce.html
- Privacy
- Other Helpful Links

12820 Hillcrest, Suite 201
Dallas, Texas 75230
phone: (877)-956-6400, fax: 972-385-7777
email: skovich@provisionsconsulting.com
© 1997 Provisions Consulting, Inc. All Rights Reserved.