This chapter introduces the HIPAA security rule, which closely aligns with the security rule. Although the rules complement each other, the security rule governs the privacy of protected health information (PHI) regardless of the medium in which the information resides, whereas the security rule governs PHI that is transmitted by or maintained in some form of electronic media (that is, electronic protected health information, or ePHI). The chapter begins with a discussion of the purposes of the rule, its source of law, scope, and to whom the law applies. The chapter suggests a process for complying with the rule and outlines the five key components of the rule. The chapter also discusses changes to the security rule as a result of the Health Information Technology for Economic and Clinical Health (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA). It concludes with a discussion of the role of a security officer, how the rule is enforced, and the penalties for noncompliance with the rule.
What policies and procedures are necessary for compliance with the HIPAA security rule?
The HIPAA Security Rule sets national standards for the secure maintenance, transmission, and handling of PHI and ePHI for covered entities and business associates. The Security Rule outlines standards for the integrity and safety of PHI and ePHI that must be in place in any healthcare organization, including physical, administrative, and technical safeguards. Specifics of the regulations must be documented in the organization's HIPAA Policies and Procedures, and the staff must be trained on these Policies and Procedures annually with documented accreditation.
Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit; identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated, impermissible uses or disclosures.