U S Department of Health and Human Services www.hhs.gov

Security Standard

Overview

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information.  The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

The National Institute of Standards and Technology (NIST) publishes its "Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (SP 800-66 REV 1)."

In an ongoing effort to provide HIPAA covered entities with resources related to HIPAA security, CMS is pleased to announce that NIST has published Special Publication 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This special publication (SP), which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule, was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule, to direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses, and to aid readers in understanding the security concepts discussed in the HIPAA Security Rule. Please note that this publication does not represent guidance published by or on behalf of CMS, nor does it supplement, replace, or supersede the HIPAA Security Rule, which is enforced by CMS. To view this document, please see the link in the Related Links Outside CMS section below.

HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information

CMS has prepared guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to Electronic Protected Health Information (EPHI).

CMS has delegated authority to enforce the non-privacy provisions of the HIPAA Regulations, to include HIPAA Security. This guidance document sets forth CMS' minimal compliance expectations for covered entities seeking to safeguard EPHI that is accessed, stored or transported offsite. Please note, however, that this document does not seek to provide a comprehensive list of risks and mitigation strategies, but rather a general list of suggestions for organizations that require remote use of sensitive health information.

To view this document, please see the link in the Downloads section below.

HIPAA Security Educational Paper Series

There are seven papers in the HIPAA Security Educational Paper Series. The papers currently available include: "Security 101 for Covered Entities", "Security Standards Administrative Safeguards", "Security Standards Physical Safeguards", "Security Standards Technical Safeguards", "Security Standards Organizational, Policies and Procedures and Documentation Requirements" and "Basics of Risk Analysis and Risk Management".

On December 12, 2007, CMS announced the publication of a new HIPAA security educational paper entitled "Security Standards Implementation for the Small Provider". This document is the seventh and final in the series of HIPAA Security Educational Papers and is intended to assist small health care providers with coming into or maintaining compliance with the Security Rule.

To view these papers, see the link in the Related Links Inside CMS section below.

Downloads
HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information [PDF, 330KB]
Related Links Inside CMS
HIPAA Security Educational Paper Series

HIPAA - General Information

Related Links Outside CMS
NIST Introductory Resource Guide to Implementing the HIPAA Security Rule [PDF, 913KB]

 

Page Last Modified: 10/30/2008 2:12:27 PM