Person or Entity Authentication: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth Technical Safeguard Standard.  There is not a separately described implementation specification.  Rather, this standard’s implementation specification is connoted in the language of the standard and is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement procedures to verify that a…

READ MORE

Access Control: Unique User Identification-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is required. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Assign a unique name and/or number for identifying and tracking user identity. How to Do It The covered entity should establish a policy whereby its Security…

READ MORE