Question

The HIPAA Security Rule is a critical document for Health care Information Technology professionals to understand and support. Review the HIPAA Security Rule and discuss:

(1) importance of access controls in addition to audit controls,

(2) what “emergency access procedures” mean under the Access Control standard,

(3) how role-based access controls meet the HIPAA Privacy Rule Minimum Necessary standard,

(4) what form of authentication best meets the Person or Entity Authentication standard for different healthcare applications.

Answer 1

HIPPA SECURITY RULES:

1) HIPPA has the technical safeguards which protect the Electronic health information and access control through the policies and procedures. HIPPA security rules have a variety of controls such as access control, audit control, integrity control, transmission security control, and authentication control. The audit control consists of hardware and software programs which examine and records of information of electronic protected health information. These programs are accessed only by the granted people who have rights. The access control will have specific features which allow the workforce members to use the application and software program under the control of IT head.

2). The emergency access procedure is used in case of loss of protected data due to any disaster, fires, terrorism. In that situation, the workforce members should follow the protocols of back up storage and access the needed information in another area. The emergency planned procedure should be taken into consideration by the access control.

3) The Role-based access control allows the Health Care Organization to disclose only the minimum required information based on the purpose. When another entity requires a health information, the role-based access control limits the information to the necessary for the disclosure. The security designee controls the workforce member based on the minimum requirements.

4) Authentication is the process of person's identity. It is the verification of the persons who are having access to use ePAH. The entity will protect the information by using the password, biometrics. This will minimize the risk and threat of health information. The security designee and the IT vendor made a specific feature in the application for the entity.