Indian Health Service: The Federal Health Program for American Indians and Alaska Natives

 
HIPAA – Health Insurance Portability and Accountability Act
 
Security Standards

The HIPAA Security Standards must be applied by health plans, health care clearinghouses, and health care providers to all health information that is maintained or transmitted electronically. The standards are intended to protect both the system and the information it contains from unauthorized access and misuse. Each covered entity must assess its systems for potential risk and vulnerabilities to the health information it houses and develop, implement, and maintain appropriate security measures. The security requirements include:

  • Administrative procedures - security measures to protect data and manage the conduct of personnel in protecting data
  • Physical safeguards - protection of physical computer systems and related buildings from hazards and intrusion
  • Technical security services - processes to protect, control, and monitor information access
  • Technical security mechanisms - processes to prevent unauthorized access to data transmitted over a communications network

The Final Rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications. Compliance is required by April 21, 2005.

Security Standards

  • The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

    More information on the implementation of this rule can be found at the CMS website.

  • IHS Security Standards Checklist [DOC-87KB]

The IHS effort to comply with the HIPAA Security Standards is being led by Mr. Timothy Defoggi, the IHS Information Systems Security Officer. If you want information on what Mr. Defoggi is doing, he can be reached by telephone at 505-248-4166 and email at .

IHS Information Security Status

There is a great deal of crossover between the Federal Information Security Act (FISMA), which applies to Federal programs, and the security requirements for HIPAA. The attached matrix [PDF 1MB] demonstrates the areas of crossover. The Indian Health Service has been working to comply with FISMA for several years, and by doing this IHS has met most of the HIPAA security standards. Information on the IHS Information Security Program can be found at the IHS Security Program web site. The attached manual [PDF 1.5MB] provides guidelines for navigating the IHS Security Program web pages. For security reasons, this security web site is only available to users of the IHS Intranet.

IHS Chief Information Security Officer Guidance for Meeting HIPAA Security Standards.