Card image cap
What Is HIPAA Security Rule?
By anirban@docmode.com | September 5, 2021 | 0 Comments

The U.S. Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996 with the authentic cause of enhancing the performance and effectiveness of the U.S. healthcare system. Over time, numerous guidelines had been delivered to HIPAA focusing at the safety of touchy-affected person facts. Covered entities under HIPAA security rule encompass health plans, healthcare clearinghouses, and any healthcare provider that electronically transmits facts which include health claims, coordination of benefits, and referral authorizations. Covered entities include individuals, agencies and establishments, such as studies establishments and authorities agencies. In 2013, the Omnibus Rule, primarily based totally on the Health Information Technology for Economic and Clinical Health (HITECH) Act, prolonged HIPAA to enterprise associates, which can encompass attorneys, IT contractors, accountants, or even cloud services.

The HIPAA Security Rule establishes requirements for defensive sufferers’ clinical information and different PHI. It specifies what patients’ rights have over their facts and calls for protected entities to shield that fact. The Privacy Rule, essentially, addresses how PHI may be used and disclosed. As a subset of the Privacy Rule, the Security Rule applies especially to electronic PHI, or ePHI.

The Security Rule mandates the following safeguards:

  • Technical
    Defined as the technology and the rules and techniques for the technology’s use that together shield ePHI, in addition, to control access to it.

Technical guard standards encompass:

  • Access
  • Audit controls
  • Integrity
  • Authentication

 

  • Physical
    Defined as physical measures, rules, and procedures for defensive digital facts structures and associated equipment and buildings from natural/environmental risks and unauthorized intrusion.

Physical guard requirements encompass:

  • Facilities’ access control
  • Workstation use
  • Workstation protection
  • Device and media controls

 

  • Administrative
    Defined as administrative actions, rules, and techniques for managing the selection, development, implementation, and protection of security features to shield ePHI and manage worker behavior associated with ePHI safety.

More than half of HIPAA’s Security Rule is centered on administrative safeguards. Standards encompass:

  • Security management process
  • Assigned security responsibility
  • Workforce security
  • Security attention and training
  • Security incident techniques
  • Contingency plan
  • Evaluation
  • Business and associate agreement

 

Photo by John Salvino on Unsplash