This chapter introduces the HIPAA security rule, which closely aligns with the security rule. Although the rules complement each other, the security rule governs the privacy of protected health information (PHI) regardless of the medium in which the information resides, whereas the security rule governs PHI that is transmitted by or maintained in some form of electronic media (that is, electronic protected health information, or ePHI). The chapter begins with a discussion of the purposes of the rule, its source of law, scope, and to whom the law applies. The chapter suggests a process for complying with the rule and outlines the five key components of the rule. The chapter also discusses changes to the security rule as a result of the Health Information Technology for Economic and Clinical Health (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA). It concludes with a discussion of the role of a security officer, how the rule is enforced, and the penalties for noncompliance with the rule.
What policies and procedures are necessary for compliance with the HIPAA security rule? Explain 2 policies/procedures for HIPAA compliance that should be included.
INTRODUCTION
- In 1996 Congress enacted the Health Insurance Portability and Accountability Act, also known as HIPAA. The main objectives of this act are as follows:
- To protect people from losing their health insurance
- To reduce the cost and administrative burdens of health care
- To create standard electronic formats for many administrative transactions
- To develop standards and requirements to protect the privacy and security of confidential health care information
- As a part of the American Recovery and Reinvestment Act of 2009, the HITECH Act updated federal HIPAA privacy and security standards
WHAT IS HIPAA
H - HEALTH
I - INSURANCE
P - PORTABILITY
A - ACCOUNTABILITY
A - ACT
QUESTION-1
POLICIES AND PROCEDURES
Are categorized into three:
- health care provider
- health care plans
- health care clearinghouse
HIPAA COMPLIANCE
- It means HIPAA sets the standards for sensitive patient data protection
- The United States Department of Health and Human Services enforces HIPAA compliance throughout the countries
SECURITY RULES
It is defined as the set of security standards for the protection of electronic protected health information
POLICIES AND PROCEDURES OF HIPAA COMPLIANCE INCLUDE:
- Covered entities
- Business entities
- Protected health information
- Treatment, payment, health care operations
- Security standards
- Basics of risk analysis and risk management
HIPAA SECURITY RULE PROVISIONS ARE:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
QUESTION-2
Two important policies and procedures:
1-Covered entities
2-Protected health information
1-COVERED ENTITIES
The rules covered by the privacy and security rules include:
- health care plans
- health care providers
- clearing houses
COMPONENTS OF COVERED ENTITIES
- health care claims
- health plan eligibility inquiries and responses
- enrollment and disenrollment in health plan
- health care payment and remittance advice
- health plan premium payments
- claims status
- referral clarifications
- coordination of benefits
SECURITY RULES IN COVERED ENTITY RULES:
The following are required as part of the HIPAA security rules:
- HIPAA risk assessment
- HIPAA risk management plans
- Annual HIPAA security awareness training
1-ADMINISTRATIVE SAFEGUARDS
- certification review
- chain of trust agreement
- designating a privacy officer
- providing physical safeguards
- requiring business associates
- implementing rules, policies and procedures
- internal audit procedures
- personal security
- system configuration management
- termination procedures
2-PHYSICAL SAFEGUARDS
- security management
- media controls
- physical access controls
- equipment controls
- guidelines on workstation use
3-TECHNICAL SAFEGUARDS
- access controls
- audit controls
- authorization controls
- data authentication
- entry authentications
2-PROTECTED HEALTH INFORMATION
- It is defined as individually identifiable health information transmitted by electronic media, maintained in any electronic medium, or transmitted or maintained in any other form or medium and sent or stored in any form
It is one type of security rule and allows the individual to:
- get a copy of their medical records
- ask for changes to their medical records
- find out and limit how their health information can be used
- know who has received their health information
- have communications sent to an alternate location
- file complaints and participate in investigations
- Can protect HIPAA patients' rights:
- right to privacy
- right to confidentiality
- right to access
- right to provide specific authorizations
- right to request and
HIPAA Security rule standards are:
- ensure the confidentiality, integrity and availability of all electronic protected health information
- protect against any anticipated threats
- ensure compliance
- establish a secured internet accessibility route
CONCLUSION
This act is under three principles, such as:
- CONFIDENTIALITY
- INTEGRITY
- AVAILABILITY