What are the key elements of the HIPAA Security Rule?
The HIPAA Security Rule extends the HIPAA Privacy Rule to include electronic protected health information (ePHI). All ePHI must be properly secured from unauthorized access, whether the data is at rest or in transit. The HIPAA Security Rule applies to covered entities and their business associates (BAs).
This Rule requires covered entities to implement security measures to protect ePHI. There are three types of elements that must be implemented: administrative, physical and technical.
Administrative: Measures to ensure patient data is correct and accessible to authorized parties.
These are the policies and procedures that help protect against a breach. They determine the documentation process, roles and responsibilities, training requirements, data maintenance policies and more. Administrative protections ensure that the physical and technical protections are implemented properly and consistently.
Physical: Measures to prevent physical theft and loss of devices containing electronic PHI.
They make sure data is physically protected. They include security systems and video surveillance, door and window locks, and the locations of servers and computers. They also include policies about mobile devices and about removing hardware and software from certain locations.
Technical: Technology-related measures to protect your networks and devices from data breaches and unauthorized access. Each covered entity is required to determine which technical safeguards are essential and appropriate for the organization in order to protect its ePHI.
These three elements represent nearly every supporting aspect of your business: your policies, record keeping, technology and building safety. HIPAA requires that all your employees be on the same page and work together to protect patient data.