2. Commercial Products or� Medical Devices ?
3. Case Study - Wound Care
4. HIPAA Security Requirements 3 Basic types of safeguards:
Administrative
How to deactivate access
When is activity logged
Physical
Where are devices located
How is physical access to systems and/or ePHI accomplished
Technical
What is electronic?
Encryption
5. ePHI – Electronic Personal Health Information
6. HIPAA within Traditional Healthcare IS
7. Workstation Security & Use Generally refers to any desktop computer or portable device (such as laptop, PDA, or Flashdrive) used to conduct treatment, payment or operations in delivery health care.
8. Information System Activity Review Record and regularly review records of activity on its information systems that contain or use electronic protected health information (ePHI). Activity, logs, and audit mechanisms should be reviewed regularly.
9. Electronic Media Movement All movement of ePHI should be approved appropriately, tracked and logged. Transmission media include (but not necessarily limited to) the Internet, leased lines, dial-up lines, and private networks.
Certain transmissions of paper, facsimile, and of voice, via telephone are not considered transmissions via electronic media because the information being exchanged did not exist in electronic form before the transmission.
10. Unique User ID and Authentication Access to information systems should be via user identifiers that uniquely identify staff and enable activities to be traced to a specific person.
Authenticate persons or entities rights to access particular systems or ePHI.
11. Transmission Security & Integrity Controls All ePHI transmitted over electronic communications networks must be sent on “need-to-know” basis only. The transmission needs to be sufficiently protected from interception and alteration.
12. HIPAA Security Requirements
13. Wound Care Cell Phone
14. Wound Care Cell Phone - continued
