HIPAA Security
MSAI adheres to and fully supports the Health Care Industry Code of Ethics and Standards. Part of our commitment to our customers and the health care industry is recognizing the different challenges and the ever-changing regulatory standards.
Our team of Privacy Officers and Quality Assurance Associates manages information security and ensures compliance with HIPAA regulatory standards. Our Associates assure delivery of the highest quality service through the synergy of effective security, proper training and timely delivery.
MSAI is committed to the development of a continuing educational program for our dedicated staff to keep them abreast of the latest HIPAA protocol and requirements. We orient them on each new project to ensure confidentiality and competence. We pay special attention to client requirements and guarantee complete satisfaction.
The 18 HIPAA Security Rule Standards
Since the digitalization of modern medicine, among the vital concerns of the medical industry is the protection of electronic health information. Now that the medical industry has fostered the growth of a whole slew of support industries – businesses such as HMOs, healthcare clearinghouses, specialized document management and processing companies, all of which have necessary access to these records – the need for a higher standard of security for patient health information has gained even greater urgency.
In February of 2003, the Department of Health and Human Services (“HHS”) published the Health Insurance Reform: Security Standards; Final Rule, 45 CFR Parts 160, 162 and 164, 68 Fed. Reg. 8333. These standards provided a broad spectrum of protection regarding Electronic Protected Health Information (EPHI) used by a specific group of Covered Entities, i.e. Health Plans, Healthcare Clearinghouses, or health care providers who transmit any EPHI. In addition, the rule requires these entities to hold the other businesses they associate with (who also transmit EPHI) to the same standards. A compliance date for most covered entities was set on April 21, 2005, and for other “small plans,” April 21, 2006. If your business is engaged in these broad categories, it is time to check your compliance requirements.
Where the HIPAA Privacy Rule dealt with the use of reasonable administrative, physical and technical safeguards to protect privacy, the Security Rule created standards by which the reasonableness of the Privacy Rule’s safeguards is to be measured. [www.wiggin.com/db30/cgi-bin/pubs/Summary%20of%20HIPAA%20Security%20Rule%20October%202004.pdf as seen December 1, 2009] In broad terms, these Security Rule standards dealt with 3 general areas – Administrative, Physical, and Technical – in which the confidentiality, integrity, and availability of electronic protected health information must be maintained.
To add flexibility to the rule, HIPAA maintains two kinds of compliance safeguards, depending on the relevant security standard being implemented. There are the standards that are required (must be adopted and administered), and there are those that are addressable (where covered entities can determine from their own circumstances how best to implement a particular standard).
Here are the 18 HIPAA Security Rule Standards with brief relevant notes on their application and the compliance safeguard required. An (R) denotes a required standard and an (A) denotes an addressable standard.
Administrative Safeguards
Physical Safeguards
Sources and References:
www.hipaa.ihs.gov/documents/IHS_HIPAA_Security_Checklist.doc December 5, 2009
www.wiggin.com/db30/cgi-bin/pubs/Summary%20of%20HIPAA%20Security%20Rule%20October%202004.pdf December 3, 2009
www.securityfocus.com/infocus/1764 December 3, 2009