9 gray areas of HIPAA that should not be ignored
Under the HIPAA security rule, all covered entities must comply with a core set of required standards to secure protected health information. However, covered entities must also conduct a security risk assessment to determine whether they need additional safeguards, and must document why such safeguards are or are not necessary. This leads to gray areas as entities seek to determine if additional attention should be given to potential remaining vulnerabilities. Scrypt, a vendor of medical imaging, security communications and business operations software and services, lists nine gray areas that organizations should examine to determine whether they are required or addressable.
1. Unique user identification is required
Assign a unique name and/or number for identifying and tracking user identity.
2. Emergency access procedure is required
Establish and implement (as needed) procedures for obtaining necessary electronic protected health information (ePHI) during an emergency.
3. Automatic logoff is addressable
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
4. Encryption and decryption is addressable
Implement a mechanism to encrypt and decrypt ePHI.
5. Audit controls are required
Implement hardware, software and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
6. Integrity mechanisms to authenticate ePHI are addressable
Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
7. Authentication is required
Implement procedures to ensure that the identity of a person or entity seeking access to ePHI is verified.
8. Transmission security/integrity controls are addressable
Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection, until that information is disposed of.
9. Transmission security/encryption is addressable
Implement a mechanism to encrypt ePHI whenever it is deemed to be appropriate.