HIPAA Security

Passwords and Passphrases

Why Does It Matter? The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to: Implement procedures for creating, changing and safeguarding passwords [For details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more, including uppercase and lowercase letters, numbers, and special characters …


Why You Need A Current HIPAA Risk Analysis

Conducting a HIPAA risk analysis is the first step in identifying the risks in your organization. The Department of Health and Human Services (HHS) requires healthcare organizations and their third-party vendors that create, receive, maintain or transmit electronic protected health information (e-PHI) to identify the risks and vulnerabilities that affect it. Once the …


Size Matters

Third-Party Vendors – Size Doesn’t Matter!

That’s right, folks – if you are a healthcare third-party vendor, size doesn’t matter when it comes to HIPAA compliance. Healthcare third-party vendors that create, receive, maintain, and/or transmit protected health information are required by law to comply with the regulations. Did You Know? A healthcare third-party vendor, referred to by the Department …


Audit Controls

HIPAA Security Audit Controls and Audit Logs

Today I am breaking down one of the Technical Safeguard standards, Audit Controls, 45 CFR § 164.312(b), into byte-size portions to help you understand how it is significant to your organization. Audit Logs are The HIPAA Security Rule provision on Audit Controls requires regulated entities to: Implement hardware, software, and/or procedural mechanisms that record and …


HIPAA Information Access Management

What is Information Access Management? The fourth standard in the Administrative Safeguards section is Information Access Management. Covered Entities (CEs) and their Business Associates (BAs) are required to: “Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy …


HIPAA Security Rule Physical Safeguards

Breaking Down the HIPAA Security Rule Physical Safeguards

Today I am breaking down the Physical Safeguards of the HIPAA Security Rule, 45 CFR § 164.310, into byte-size portions to help you understand how they are significant to your organization. The Physical Safeguards are physical measures, policies, and procedures to protect a regulated entity’s electronic information systems and …


HIPAA Security Rule Technical Safeguards

Breaking Down the HIPAA Security Rule Technical Safeguards

Today I am breaking down the Technical Safeguards of the HIPAA Security Rule, 45 CFR § 164.312, into byte-size portions to help you understand how they are significant to your organization. The HIPAA Security Rule establishes security standards for protecting all electronic protected health information (ePHI). The Technical Safeguards require regulated entities and their …


HIPAA Policies and Procedures

Understanding the HIPAA Policies and Procedures

Today, I am diving a little deeper into the HIPAA Security Rule’s Administrative Safeguards, 45 CFR § 164.316, to break down the Policies and Procedures into byte-size portions to help you understand how they are significant to your organization. The standard requires regulated entities, Covered Entities (CEs) and their third-party vendors, to implement …


HIPAA Organizational Requirements

In this week’s “Know The Rules!,” I am diving a little deeper into the Organizational Requirements, part of the Administrative, Physical, and Technical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) security standards, 45 CFR § 164.314. As with all the standards in the HIPAA Security Rule, compliance with the Organizational Requirements standards …
