HIPAA Security Management Process in 6 Steps Today I am breaking down the HIPAA Security Management Process, 45 § 164.308(a)(1), into byte-size portions to help you understand how they are significant to your organization. Before I can break down today’s topic, I first should set the stage. The HIPAA Security Rule, Administrative Safeguards provisions that requires regulated entities to perform a …
HIPAA Audit Controls and Audit Logs Today I am breaking down the one of the Technical Safeguard standards, Audit Controls, 45 § 164.312(b), into byte-size portions to help you understand how it is significant to your organization. Audit Logs are The HIPAA Security Rule provision on requires regulated entities to: Implement hardware, software, and/or procedural mechanisms that record and …
What is Information Access Management? The fourth standard in the Administrative Safeguards section is Information Access Management. Covered Entities (CEs) and their Business Associates (BAs) are required to: “Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy …
Breaking Down the HIPAA Security Standards Today I am breaking down the HIPAA Security Rule, 45 CFR § 164.308, into byte-size portions to help you understand how they are significant to your organization. The HIPAA Security Rule establishes security standards for protecting all electronic protected health information (ePHI), 45 CFR Part 160 and Part 164, Subparts A and C. The HIPAA Security …
When a security incident happens and when they do, effective response planning can be a major factor of how significant an organization suffers operational or reputational harm or legal liability. Being able to respond to incidents in a systematic way ensures appropriate response steps are taken each time to help minimize the impact of breaches. …
What’s a Security Incident? When is it a Breach? Read More »
Did You Know? The HIPAA Security Rule requires Covered Entities (CEs) and Business Associates (BAs) to “implement a security awareness and training program for ALL members of its workforce (including management)” 45 C.F.R. § 164.308(a)(5)(i). Note: the emphasis on ALL members of the workforce, because ALL workforce members can either be guardians of the entity’s …
Healthcare Third-Party Vendors – HIPAA Security Rule Applies To YOU Too! Read More »
Documentation That’s What It’s All About Today I am breaking down the Documentation standard, 45 §164.316(b)(1), from the HIPAA Security Management Process into byte-size portions to help you understand how they are significant to your organization. Before I can break down today’s topic, I first should set the document stage. When it comes to auditors, lawyers and the …
HIPAA Security Rule Administrative Safeguards Today I am breaking down the Administrative Safeguards of the HIPAA Security Rule, 45 CFR § 164.308, into byte-size portions to help you understand how they are significant to your organization. The HIPAA Security Rule establishes security standards for protecting all electronic protected health information (ePHI). The Administrative Safeguards comprise over half of the …
Breaking Down the HIPAA Administrative Safeguards Read More »
Breaking Down Threats, Vulnerabilities, and Risks Today I am breaking down threats, vulnerabilities, and risks into byte-size portions to help you understand how they are significant to your organization. Before I can break down today’s topic, I first should set the stage. Setting the Stage for Threats, Vulnerabilities, and Risks The Security Management Process, 45 …
Breaking Down Threats, Vulnerabilities, and Risks Read More »
Did you know? ALL Business Associates (BAs) are required to perform a HIPAA risk analysis to identify their potential Administrative, Physical and Technical security risks to electronic protected health information (ePHI). The Administrative Safeguards provisions require BAs to perform risk analysis as part of their security management processes. The results of the risk analysis will …