HIPAA.com

Individual Access Key Privacy/Security Principle of Meaningful Use 2011 Objectives

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009….

Ed JonesMeaningful Use, Privacy2008, 2009, 2011 Objectives, American Recovery and Reinvestment Act of 2009, December 15, Electronic Exchange, February 17, Health IT Policy Committee, HHS, HIPAA Administrative Simplification standards, HITECH Act, individual access, Individually Identifiable Health Information, June 16, Level 1, Level 2, Meaningful Use, Nationwide Privacy and Security Framework, network, Office of the National Coordinator for Health Information Technology, President Obama, principlesLeave a comment

Nationwide Privacy and Security Framework for Electronic Exchange: Key Meaningful Use 2011 Objective Recommendation

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. This report states: “[a] key factor to achieving a high-level of trust among individuals, health care providers, and other health care organizations participating in electronic health information exchange is the development of, and adherence to, a consistent and coordinated approach to privacy and security. Clear, understandable, uniform principles are a first step in developing a consistent and coordinated approach to privacy and security and a key component to…

Ed JonesMeaningful Use, Privacy2008, 2009, 2011 Objectives, accountability, administrative safeguards, American Recovery and Reinvestment Act of 2009, and disclosure limitation, availability, breach, Collection, confidentiality, Correction, data quality and integrity, December 15, Electronic Exchange, February 17, Health IT Policy Committee, HHS, HIPAA Administrative Simplification standards, HITECH Act, individual access, individual choice, Individually Identifiable Health Information, integrity, June 16, Level 1, Level 2, Meaningful Use, Nationwide Privacy and Security Framework, non-adherence, Office of the National Coordinator for Health Information Technology, openness and transparency, physical safeguards, President Obama, principles, safeguards, technical safeguards, unauthorized access, UseLeave a comment

Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services Numerous forces are driving the health care industry towards the use of health information technology, such as the potential for reducing medical errors and health care costs, and increasing individuals’ involvement in their own health and health care. To facilitate this advancement and reap its benefits while reducing the risks, it is important to consider individual privacy interests together with the potential benefits to population health. Download (Requires Acrobat Reader)

Ed JonesHealth IT and HITECH, Meaningful Use, Privacy, SecurityElectronic Exchange of Individually Identifiable Health Information, health care costs, health information technology, medical errors, Office of the National Coordinator for Health Information Technology, Privacy, Security, US Department of Health and Human ServicesLeave a comment

HHS’s Health IT Policy Committee 2011 Draft Meaningful Use Objectives and Measures for Public Comment

The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…

Ed JonesAmerican Recovery and Reinvestment Act, Health IT and HITECH, Meaningful Use2009, 2011, 2013, 2015, American Recovery and Reinvestment Act of 2009, care goals, certified, CPOE, EHR, electronic health record, evidence-based, February 17, Health IT Policy Committee, health outcomes policy priorities, HITECH Act, incentive program, June 16, June 26, Meaningful Use, meaningful use matrix, meaningful use preamble, measures, NPRM, objectives, President Obama, Privacy, public comment, SecurityLeave a comment

HHS’s HIT Policy Committee Releases Draft Recommendations on Meaningful Use for Public Comment

Ed JonesAmerican Recovery and Reinvestment Act, Health IT and HITECH, Meaningful Use2009, 2011, 2013, 2015, American Recovery and Reinvestment Act of 2009, care goals, certified, CPOE, EHR, electronic health record, evidence-based, February 17, health outcomes policy priorities, HIT Policy Committee, HITECH Act, incentive program, June 16, June 26, Meaningful Use, meaningful use matrix, meaningful use preamble, measures, NPRM, objectives, President Obama, Privacy, public comment, SecurityLeave a comment

Integrity: Mechanism to Authenticate Electronic Protected Health Information-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the implementation specification for the third Technical Safeguard Standard, Integrity. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement electronic…

Ed JonesSecurity2009, 2010, accuracy of back-ups, addressable, American Recovery and Reinvestment Act, ARRA, business associate, covered entity, electronic controls, February 17, hacking, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, human errors, implementation specification, integrity, intrusion detection, mechanism to authenticate electronic protected health information, policies and procedures, President Obama, Risk Analysis, Security Official, tampering, Technical Safeguard Standard, test logs, vendorLeave a comment

Integrity: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the third Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification: mechanism to authenticate electronic protected health information. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009….

Ed JonesSecurity2009, 2010, access control, addressable, American Recovery and Reinvestment Act, ARRA, audit control, availability, business associate, computer virus, confidentiality, corruption of data, covered entity, data entry error, electronic information systems, electronic protected health information, February 17, hacking, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, human error, implementation specification, integrated, integrity, interfaced, mechanical error, mechanism to authenticate electronic protected health information, President Obama, programming bug, storage device, tampering, Technical Safeguard Standard, transmission errorLeave a comment

Audit Control: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second Technical Safeguard Standard. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement hardware, software, and/or procedural mechanisms…

Ed JonesSecurity2009, 2010, American Recovery and Reinvestment Act, ARRA, audit control, audit records, audit trails, August 1, automatic logoff, business associate, covered entity, electronic information systems, electronic protected health information, February 17, Federal Trade Commission, FTC, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, Identity Theft, implementation specification, President Obama, Red Flags Rule, required, sanctions, Security Official, software licensing agreement, Technical Safeguard Standard, unauthorized access, workforce members, workstationLeave a comment

Audit Control: What This HIPAA Security Rule Technical Safeguard Standard Means

This is the second Technical Safeguard Standard of the HIPAA Administrative Simplification Security Rule. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. Covered entities are required to have in place audit controls to monitor activity on their electronic systems that…

Ed JonesSecurity2009, 2010, American Recovery and Reinvestment Act, ARRA, audit control, audit records, business associate, corrective action, covered entity, electronic protected health information, electronic systems, February 17, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, implementation specification, logoffs, logons, President Obama, required, Risk Analysis, security incident, Technical Safeguard StandardLeave a comment

Access Control: Encryption and Decryption-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Technical Safeguard Standard, Access Control. This implementation specification is addressable. Addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

Ed JonesHIPAA Law2009, 2010, access control, addressable, American Recovery and Reinvestment Act, ARRA, business associate, covered entity, data at rest, data in motion, data in use, decryption, decryption key, electronic protected health information, encryption, February 17, FIPS 140-2, guidance, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, implementation specification, IPsec VPNs, NIST SP 800-11, NIST SP 800-113, NIST SP 800-52, NIST SP 800-53, NIST SP 800-66, NIST SP 800-77, open network, President Obama, secured PHI, SSL VPNs, standard, Technical Safeguard, TLS, undecipherable, unreadable, unsecured PHI, unusableLeave a comment