Understanding different types of HIPAA security policiesPosted by johnm0307 on June 8th, 2015 The Health Insurance Portability and Accountability Act or HIPAA is a federal law which is enacted in 1996 to change the way for the patient health care information is handled and protected. This law is considered as the most significant healthcare legislation since Medicare in 1965. HIPAA comprises several policies which every healthcare entity should follow to ensure the safety of the patient healthcare information and also to streamline the administrative process. One of the most important parts of HIPAA was the creation of the Security Rule. The security rule is created to improve the security of the patient healthcare information. The security rule created guidelines for dealing with three different kinds of information and created three kinds of safeguards that every covered healthcare entity and business associates must have. These three safeguards include: Administrative This portion of the rule is designed and developed to help organizations to streamline their administrative processes. This portion contains complete guidelines to help the covered entities and business associates to comply with the HIPAA. In order to become HIPAA compliant, an entity may have a written set of HIPAA security ploicies, have evidence that their employees are trained and understand how to handle the protected healthcare information or to appoint a trained officer to enforce all the rules. The written policies must cover all the aspects of handling the patients’ healthcare information. They should have an effective plan to ensure the security of protected healthcare information in both electronic and written form.
Technical This portion of the rule comprises all the technical aspects of security in handling the access of the PHI (protected healthcare information) to the computers. It not only covers the security of the stored data, but also the data transmittal within or beyond the network of the covered entities. This rule comprises guidelines to ensure the security of the data from outside intrusion, assuring the authenticity of PHI stored within the network, creating the requirements for data encryption during transmission and other things which help organizations to run their operations as per the HIPAA guidelines. Physical This portion of rule focuses on how to ensure the safety of PHI while maintaining the flow of information for offering the excellent healthcare services. The rule contains guideline about who can access the patient personal healthcare information or who cannot. Besides this, it also covers subjects like visitor policies, security systems and maintenance records and policies. Like it? Share it! More by this author |
