HIPAA Security Standards Final Rule


1 HIPAA Security Standards Final Rule
Stanley Nachimson, Office of HIPAA Standards, CMS

2 Regulation Dates
Published: February 20, 2003
Effective Date: April 21, 2003
Compliance Date: April 21, 2005 for all covered entities except small health plans; April 21, 2006 for small health plans (as HIPAA requires)

3 General Requirements (164.306(a))
Ensure:
Confidentiality (only the right people see it)
Integrity (the information is what it is supposed to be – it hasn't been changed)
Availability (the right people can see it when needed)

4 General Requirements
Applies to Electronic Protected Health Information that a Covered Entity creates, receives, maintains, or transmits

5 General Requirements
Protect against reasonably anticipated threats or hazards to the security or integrity of information
Protect against reasonably anticipated uses and disclosures not permitted by privacy rules
Ensure compliance by workforce

6 Regulation Themes: Scalability/Flexibility
Covered entities can take into account:
Size
Complexity
Capabilities
Technical Infrastructure
Cost of procedures to comply
Potential security risks

7 Regulation Themes: Technologically Neutral, Comprehensive
Technologically Neutral: what needs to be done, not how
Comprehensive: not just technical aspects, but behavioral as well

8 How Did We Accomplish This
Standards are required, but the implementation specifications, which provide more detail, can be either required or addressable.

9 Addressability
If an implementation specification is addressable, a covered entity can:
Implement it, if reasonable and appropriate
Implement an equivalent measure, if reasonable and appropriate
Not implement it
Based on sound, documented reasoning from a risk analysis

10 What are the Standards?
Three types: Administrative, Physical, Technical

11 Administrative Standards
Security Management: Risk analysis (R), Risk management (R)
Assigned Responsibility
Workforce Security: Termination procedures (A), Clearance Procedures (A)

12 Administrative Standards
Information Access Management: Isolating Clearinghouse (R), Access Authorization (A)
Security Awareness and Training
Security Incident Procedures
Contingency Plan
Evaluation
Business Associate Contracts

13 Physical Standards
Facility Access Controls (all addressable specifications): Contingency operations, Facility Security Plan, Access control, Maintenance Records
Workstation Use (no implementation specifications)
Workstation Security
Device and Media Controls

14 Technical Standards
Access Control: Unique User Id (R), Emergency Access (R), Automatic Logoff (A), Encryption and Decryption (A)
Audit Controls
Integrity
Person or Entity Authentication
Transmission Security

15 Chart in Regulation
At the end of the regulation, a chart lists each standard, its associated implementation specifications, and whether each specification is required or addressable

16 Basic Changes from NPRM
Aligned with Privacy (definitions, requirements for business associates)
Encryption now addressable
No requirement for certification
Standards simplified and redundancy eliminated

17 Implementation Approach
Do Risk Analysis – Document
Based on Analysis, determine how to implement each standard and implementation specification – Document
Develop Security Policies and Procedures – Document
Train Workforce
Implement Policies and Procedures
Periodic Evaluation
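As an added example (not part of the presentation or of CMS material), the addressability rule from slide 9 and the "determine how to implement each specification – Document" step above can be expressed as a consistency check over a covered entity's recorded decisions. The specifications are the Access Control ones from slide 14; the decisions and rationale strings are constructed for illustration, and the rule that any choice other than implementing an addressable specification as written needs a documented risk-analysis rationale is this example's reading of the slide.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional

class Kind(Enum):
    REQUIRED = "R"      # must be implemented as written
    ADDRESSABLE = "A"   # implement, use an equivalent measure, or do not implement

class Decision(Enum):
    IMPLEMENT = "implement"
    EQUIVALENT = "equivalent measure"
    NOT_IMPLEMENT = "not implemented"

@dataclass
class Spec:
    standard: str
    name: str
    kind: Kind
    decision: Optional[Decision] = None  # the covered entity's documented choice
    risk_rationale: str = ""             # reasoning taken from the risk analysis

def check_spec(spec: Spec) -> List[str]:
    """Findings for one implementation specification; an empty list means consistent."""
    if spec.decision is None:
        return [f"{spec.name}: no implementation decision has been documented"]
    findings = []
    # A required specification allows no alternative and no opt-out.
    if spec.kind is Kind.REQUIRED and spec.decision is not Decision.IMPLEMENT:
        findings.append(f"{spec.name}: required specification must be implemented as written")
    # Assumption: any choice other than implementing an addressable specification as
    # written needs the sound, documented reasoning from the risk analysis (slide 9).
    if (spec.kind is Kind.ADDRESSABLE and spec.decision is not Decision.IMPLEMENT
            and not spec.risk_rationale.strip()):
        findings.append(f"{spec.name}: '{spec.decision.value}' chosen without a documented risk-analysis rationale")
    return findings

def audit(specs: List[Spec]) -> Dict[str, List[str]]:
    """Map each specification that has findings to its findings (the walrus binds f)."""
    return {s.name: f for s in specs if (f := check_spec(s))}

# Constructed sample: the Access Control specifications from slide 14 with made-up decisions.
SAMPLE_SPECS = [
    Spec("Access Control", "Unique User Id", Kind.REQUIRED, Decision.IMPLEMENT),
    Spec("Access Control", "Emergency Access", Kind.REQUIRED, Decision.EQUIVALENT, "on-call admin"),  # not allowed for (R)
    Spec("Access Control", "Automatic Logoff", Kind.ADDRESSABLE, Decision.EQUIVALENT, "badge-triggered lock"),
    Spec("Access Control", "Encryption and Decryption", Kind.ADDRESSABLE, Decision.NOT_IMPLEMENT),  # no rationale
]

if __name__ == "__main__":
    print(audit(SAMPLE_SPECS))
```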

18 Summary
Scalable, flexible approach
Standards that make good business sense
Two years for implementation
First step is risk analysis

