HIPAA.com

Facility Access Controls: Maintenance Records-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…

Ed JonesHIPAA Law2010, 2019, addressable, American Recovery and Reinvestment Act, ARRA, business associate, contingency operations, covered entity, doors, electronic format, facility access controls, February 17, hardware, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, locks, log, maintenance records, physical components, physical safeguard standard, President Obama, reasonable and appropriate, repairs and modifications, routine back up, Security Official, Security Rule, six year retention, wallsLeave a comment

Red Flags Rules Compliance Countdown: 2 days

The Federal Trade Commission’s (FTC’s) red flags rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. See this post for more information on how to prepare for Friday’s deadline.

Ed JonesRed Flags Rules2009, billing and payment procedures, biometric, Business Guide, compliance, covered account, creditor, creditors, detect red flags, Fair and Accurate Credit Transactions Act of 2003, Federal Trade Commission, Four Steps Process, FTC, healthcare providers, HIPAA Administrative Simplification, identify relevant red flags, Identifying information, Identity Theft, May 1, National Institute of Standards and Technology, NIST, October 2008, prevent and mitigate identity theft, Privacy Rule, protected health information, Publication 800-66 Revision 1, Red Flags Rule, Security Rule, telecommunication, Theft Prevention Program, Toporoff, update your ProgramLeave a comment

Word of the Day: PHR

Personal health record (PHR): The health care consumer’s health information record, which they own and manage. Sharing or allowing access is based on the patient’s consent/permission.

Carolyn HartleyHealth IT and HITECHGlossary, personal health record, PHR, word of the dayLeave a comment

Facility Access Controls: Access Control and Validation Procedures-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…

Ed JonesHIPAA Law2010, 2019, access control and validation procedures, addressable, Administrative Safeguard Procedures, American Recovery and Reinvestment Act, ARRA, authorization, business associate, business associate agreement, contingency operations, covered entity, electronic protected health information, facility access controls, February 17, function, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, job description, need, physical safeguard standard, President Obama, reasonable and appropriate, Risk Analysis, Security Official, Security Rule, tampering, theft, unauthorized physical access, vendors, visitor badge system, visitor sign-in, workforce member. Verify a person’s authorization to access the covered entity’s electronic systems that contain electronic protected health informationLeave a comment

Red Flags Rules Compliance Countdown: 3 days

Word of the Day: Integrated System

Integrated System: In an EMR, the vendor builds the system using the same characteristics arranged in the broad categories of data issues, application issues, presentation issues, and operational issues. Systems built in this way are often referred to as a Single Source solution.

Carolyn HartleyHealth IT and HITECHEHR, Glossary, integrated system, terms, word of the dayLeave a comment

FTC’s “Red Flags” Rule to Prevent Identity Theft Requires Compliance by Healthcare Providers on Friday, May 1, 2009

The Federal Trade Commission’s (FTC’s) “red flags” rules for financial institutions and creditors to fight identity theft require compliance by most healthcare providers on Friday, May 1, 2009. HIPAA.com recommends that healthcare providers examine three documents, which we have available at HIPAA.com, to determine their responsibilities with respect to compliance with the red flag rules. These documents are: » Identity Theft Red Flag Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, published in the Federal Register on November 9, 2007. The preamble of the Final Rule, which discusses the purpose, intent, and scope of coverage, appears on pages 63718-63733. Of particular importance…

Identity Theft Red Flags and Address Discrepancies

DEPARTMENT OF THE TREASURY 12 CFR Part 41, 222, 334, 364, 571 and 717 16 CFR Part 681 Idendity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 AGENCY: Office of the Secretary, HHS. ACTION: Joint Final Rules and Guidelines. Download (Requires Acrobat Reader)

Facility Access Controls: Facility Security Plan-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…

Ed JonesHIPAA Law2010, 2019, addressable, alarm systems, American Recovery and Reinvestment Act, anti-intrusion, ARRA, biometrics, building exteriors and interiors, business associate, contingency operations, covered entity, entrance guard, facility access controls, facility security plan, February 17, HIPAA Administrative Simplification, HIPAA Security Rule, HITECH Act, identification systems, impairment of systems, intrusions, lock, multiple business office dwelling, passcards, physical safeguard standard, President Obama, reasonable and appropriate, receptionist, Risk Analysis, Security Official, Security Rule, single business dwelling, tampering, theft, threats and vulnerabilities, unauthorized physical accessLeave a comment

Word of the Day: Security Incident

Security Incident: The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Carolyn HartleyHealth IT and HITECHGlossary, integrated system, security incident, terms, word of the dayLeave a comment