The technical safeguards a covered entity implements must only allow access to ePHI by the people or software programs that have been granted access by the covered entity.

2.9.1 Access Control (Standard)

A covered entity must be able to identify at all times who had access to ePHI, whether that access was appropriate, and how it prevents and detects unauthorized access.

Unique User Identification (Required)

All users must have a unique identification number or tag to track when they accessed ePHI and the activity they performed on the information.

Emergency Access Procedures (Required)

Covered entities need to establish who can access ePHI during an emergency. Can the help desk IT staff get access to ePHI for clinicians in an emergency, or is clearance needed from Sr. IT management?

Automatic Logoff (Addressable)

Can your information system log off users after a predetermined time when no activity is noted? If not, what precautions are taken?

Encryption and Decryption (Addressable)

This implementation specification ensures the confidentiality and integrity of ePHI during electronic transmission. Covered entities need to decide how and when to use encryption and decryption.

2.9.2 Audit Controls (Standard)

Covered entities must implement the controls necessary to record and monitor information system activities. This includes authorized activities and non-authorized activities. It includes hardware, software, and/or procedural controls. These controls are required.

2.9.3 Integrity (Standard)

Covered entities must protect ePHI from improper alteration and destruction.

Mechanism to Authenticate ePHI (Addressable)

How do you attest to the validity of the information, and what electronic mechanisms do you have in place to validate the information?

2.9.4 Person or Entity Authentication (Standard)

This is a required implementation specification. Can you electronically verify that the person requesting information is who they say they are?

2.9.5 Transmission Security (Standard)

Electronic communication networks must be protected to ensure the confidentiality of all ePHI transmitted.

Integrity Controls (Addressable)

Covered entities must implement controls to protect against message tampering during communications of ePHI. These controls ensure the message received is the same message that was sent.

Encryption (Addressable)

Covered entities must implement encryption controls where appropriate to protect ePHI.

HIPAA Security Implementation, Version 1.0
ISBN: 974372722
Year: 2003
Pages: 181
