HIPAA Security Regulations
Jean C. Hemphill
Ballard Spahr Andrews & Ingersoll, LLP
November 30, 2004

Health Insurance Portability & Accountability Act of 1996 (“HIPAA”)
• Standard Electronic Transactions – October 16, 2003
• Privacy Rule – April 14, 2003
• Security – April 21, 2005
Security Regulations Objectives
• Keep electronic records confidential
• Keep records accessible to members
• Use records for intended purposes only
• Protect integrity of records from
  • Hackers
  • Viruses
  • Unauthorized disclosures
  • Inadvertent destruction

HIPAA Security Regulations
• Standards for
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Requirements
  • Policies & Procedures
  • Training & Sanctions

HIPAA Security Regulations
• Assessment of your organization’s current electronic security environment
• Required standards
• Addressable standards
• Examples of Required Standards:
  • Security incident procedure, data backup plan, disaster recovery plan, emergency mode operation plan

HIPAA Security Regulations
• By April 21, 2005
  • Designate a security official
  • Address the required measures
  • Consider the addressable measures
  • Document your policies and procedures
  • Update Business Associate Agreements
  • Train the workforce