Transmission Security Encryption: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second of two implementation specifications for the Technical Safeguard Standard, Transmission Security.  This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to…

READ MORE

Transmission Security: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the fifth and last Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule.  It has two implementation specifications:  integrity controls; and encryption.  Each is addressable.  Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. For compliance with…

READ MORE

Technical Safeguard Standards of the HIPAA Administrative Simplification Security Rule

There are five technical safeguard standards:  access control, audit controls, integrity, person or entity authentication, and transmission security. Each standard has implementation specifications, which can be required or addressable. Remember, addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. Technical…

READ MORE