Person or Entity Authentication: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth Technical Safeguard Standard.  There is not a separately described implementation specification.  Rather, this standard’s implementation specification is connoted in the language of the standard and is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement procedures to verify that a…

READ MORE

Security Management Process: Risk Analysis-What to Do and How to Do It

Security Management Process is the first administrative standard of the Security Rule, and Risk Analysis is the implementation specification.  Each covered entity is required to conduct a risk analysis or assessment to determine vulnerabilities and threats and to identify and put in place risk mitigation measures for safeguarding electronic protected health information.  Electronic protected health information is the content of the HIPAA Administrative Simplification Standard Transactions and of the expected growing adoption of clinically-based electronic health record systems. What to do:  Conduct an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. How to…

READ MORE

Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?

It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions. » Are you a healthcare provider that conducts transactions electronically? » Are you a healthcare clearinghouse? (Do you process healthcare claims?) » Are you a health plan? (insurance payer) If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that if stolen, could be used in identity theft. Consumers (patients) often use…

READ MORE