HIPAAKTR

Episode 38: Know The Rules! Diving into HIPAA Administrative Safeguards

In this week’s “Know The Rules!”, I am diving a little deeper into the Administrative Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) Security Standards: Administrative Safeguards, 45 CFR § 164.308. The HIPAA Administrative Safeguards comprise over half of the HIPAA Security Rule. They establish a national set of minimum security standards for […]


Episode 26: Know The Rules! How To: Identify Your HIPAA Risk Analysis Scope

The HIPAA Security Rule adopts national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI) that is created, received, maintained, or transmitted by a Covered Entity (CE) or Business Associate (BA). As a CE or BA, you are required to have in place reasonable and appropriate security measures […]


Episode 21: Know The Rules! When Business Associates are NOT Compliant

Required: HIPAA Risk Analysis

Today, I discuss the importance of conducting an enterprise-wide risk analysis to identify vulnerabilities to your ePHI, and then the steps to execute the required HIPAA Risk Analysis. After the passing of the Omnibus Rule, Covered Entities (CEs) are required to have signed Business Associate Agreements (BAAs) with all their Business […]


Episode 11: Know The Rules! Business Associates HIPAA Security Risk Analysis

Did you know? All Business Associates (BAs) are required to perform a risk analysis to identify their potential administrative, physical and technical security risks to PHI.

Required and Addressable Implementation Specifications

Covered Entities (CEs) and BAs are required to comply with every Security Rule “Standard.” However, the Security Rule categorizes certain implementation specifications within those […]


Episode 8: Know The Rules! HIPAA Risk Analysis – Addressable or Required

HIPAA Security: Addressable or Required

The HIPAA Security Rule contains several implementation specifications that are labeled as Addressable or Required specifications. Required – If an implementation specification is described as “required,” the specification MUST be implemented. Addressable – The concept of “addressable implementation specifications” was developed to provide Covered Entities (CEs) and their Business Associates […]


Episode 6: Know The Rules! Establishing Your Security Management Process

Every Business Associate (BA) that creates, receives, maintains, or transmits protected health information (PHI) is required to perform a comprehensive organization-wide HIPAA Risk Analysis (Per: §164.308(a)(1)(ii)(A)). Establishing and maintaining an effective Security Management Process is not only a requirement, but also a critical and necessary activity for the protection of ALL of […]


Episode 5: Know The Rules! Business Associates Don’t Let This Happen To You!

Did you know? In 2013, the Final Omnibus Rule updated the HIPAA Security Rule and Breach Notification clauses of the HITECH Act. As a result every Business Associate (BA) that creates, receives, maintains, or transmits electronic Protected Health Information (ePHI) is required to perform a comprehensive enterprise-wide HIPAA Security Risk Analysis (Per: §164.308(a)(1)(ii)(A)). This means […]

Episode 3: Know The Rules! HIPAA Risk Analysis

Did you know? ALL Business Associates (BAs) are required to perform a HIPAA risk analysis to identify their potential Administrative, Physical and Technical security risks to electronic protected health information (ePHI). The Administrative Safeguards provisions require BAs to perform risk analysis as part of their security management processes. The results of the risk analysis will […]