|
« Back
HIPAA Security Standards
The proposed security standards are technology neutral and scaleable for the size and complexity of healthcare organizations.
At minimum, all health plans, clearinghouses and healthcare providers that transmit or maintain electronic health information must conduct a risk assessment and develop a security plan to protect this information.
They must also document these measures, keep them current, and train their employees on appropriate security procedures.
The HIPAA Security Standard is divided into four categories:
- Administrative procedures used to guard data integrity, confidentiality and availability. These are documented, formal procedures for selecting and executing information security measures. These procedures also address staff responsibilities for protecting data.
- Physical safeguards to guard data integrity, confidentiality and availability. These safeguards protect physical computer systems and related buildings and equipment from fire and other environmental hazards, as well as intrusion. The use of locks, keys, and administrative measures used to control access to computer systems and facilities are also included.
- Technical data security services to guard data integrity, confidentiality and availability. These include the processes used to protect, control and monitor information access.
- Technical security mechanisms, including processes used to prevent unauthorized access to data transmitted over a communications network.
To review the regulations in their entirety, go to:
http://www.gpoaccess.gov/cfr/index.html
search for The Code of Federal Regulations Title 45, Section 160
through 164.
|
