Free HIPAA resources available on the web
Two resources that address the security rule of the Health Insurance Portability and Accountability Act (HIPAA) are available on the Internet. The National Institute of Standards and Technology (NIST) has released a special publication that gives examples of how organizations can meet the requirements of the security rule.
The paper, “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule,” explains some of the key concepts of HIPAA security, including administrative, technical, and physical controls, as well as general administrative and organizational requirements. The NIST paper is available at www.csrc.nist.gov. To access this document, enter the special publication number, “800-66,” in the search field. The Centers for Medicare & Medicaid Services (CMS) has published the third white paper in its HIPAA security series.
The paper addresses physical safeguards required by HIPAA and can be found at www.cms.hhs.gov/hipaa/hipaa2/education. Under “Security Educational Material,” choose “Security Standards-Physical Safeguards.” The paper includes these objectives:
- review each physical safeguard and implementation specification listed in the security rule;
- discuss physical vulnerabilities and provide examples of physical controls that a covered entity could implement;
- provide sample questions covered entities may want to consider when implementing physical safeguards.
The next paper in the series will cover technical safeguards under the security rule.
CMS also has posted answers to five new frequently asked questions (FAQs) about the HIPAA security rule. The new FAQs include the following:
1. Must business associates report security incidents to the covered entity?
2. What does the HIPAA security rule require a covered entity to do to comply with the security incidents procedures standard?
3. Does the security rule permit a covered entity to assign the same log-on ID or user ID to multiple employees?
4. Must plan sponsors report security incidents to the group health plan?
5. What are some examples of threats that covered entities should address when conducting their risk analyses?
To find the new FAQs, go to www.cms.hhs.gov, choose FAQs on the top navigational bar, enter HIPAA in the category search box, and scroll down to questions 100, 106, 109, 113, and 114.
Two resources that address the security rule of the Health Insurance Portability and Accountability Act (HIPAA) are available on the Internet.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.