BayBiotech.NET
The Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information.
HHS prepared guidelines that specify a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information (EPHI). This is particularly relevant for organizations that allow remote access to EPHI through portable devices or on external systems or hardware not owned or managed by the covered entity. The guidelines mainly address the privacy issues for health information that may arise from using laptops; home-based personal computers; PDAs and smart phones; hotel, library or other public workstations and wireless access points (WAPs); USB flash drives and memory cards; floppy disks; CDs; DVDs; backup media; email; smart cards; and remote access devices (including security hardware).
Significant emphasis is placed on an organization's risk analysis and risk management strategies; on setting up policies and procedures for safeguarding electronic data; and on security awareness and training on those policies and procedures for safeguarding health information that is used electronically via remote access.
The main focus is on the risks associated with remote access and offsite use of EPHI, grouped into three areas: access, storage and transmission.
Good risk management planning takes all three areas into account and may vary from one organization to another depending on the size, usage and infrastructure of the organization.
To read more about the risk assessment and management strategies suggested by HHS, follow the link: http://www.cms.hhs.gov/SecurityStandard/