What is HIPAA? HIPAA: Health Insurance Portability and Accountability Act It was passed by Congress in 1996 It includes requirements for: Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs Reducing healthcare fraud and waste The protection and confidential handling of protected health information HIPAA Security Rule Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. Requires appropriate safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Safeguards include: Administrative Physical Technical Administrative Safeguards HIPAA security rule requires covered entities to implement the following administrative safeguards: Security Management Process Security Personnel Information Access Management Workforce Training Evaluation Physical Safeguards The security rule requires covered entities to implement physical safeguards such as: Facility Access and Control Access can be restricted through use of access cards, biometric scanners, keys, pass codes and so on Workstation and Device Security Develop and implement policies for workstation and device security Implement unique password/user ids for each user Proper user logs and records should be maintained Technical Safeguards The security rule requires a covered entity to implement technical safeguards such as: Access Controls Audit Controls Integrity Controls Transmission Security Want to learn more about HIPAA, HIPAA Privacy and Security Rule, its requirements and best practices to comply with them? ComplianceOnline webinars and seminars are a great training resource. Check out the following links: How to examine security policies, practices, and risk issues to comply with HIPAA How to use social media and texting without breaking HIPAA rules How to Conduct risk analysis to comply with HIPAA HIPAA/HITECH Assessment for Healthcare Business Associates How to comply with HIPAA Omnibus Rule Understanding new rules and responsibilities of Privacy Officer under HIPAA HIPAA Security and Breach Rule Compliance For more details Visit us at:http://www.complianceonline.com/the-new-hipaa-audit-program-focus-webinar-training-703180-prdw?channel=ppt-slideshare

1. Complying with HIPAA
Security Rule

2. What is HIPAA?
• HIPAA: Health Insurance Portability and
Accountability Act
• It was passed by Congress in 1996
• It includes requirements for:
– Transfer and continuation of health insurance
coverage for millions of American workers and their
families when they change or lose their jobs
– Reducing healthcare fraud and waste
– The protection and confidential handling of protected
health information

3. HIPAA Security Rule
• Establishes national standards to protect individuals’
electronic personal health information that is created,
received, used, or maintained by a covered entity.
• Requires appropriate safeguards to ensure the
confidentiality, integrity, and security of electronic
protected health information.
• Safeguards include:
– Administrative
– Physical
– Technical

4. Administrative Safeguards
HIPAA security rule requires covered entities to
implement the following administrative
safeguards:
• Security Management Process
• Security Personnel
• Information Access Management
• Workforce Training
• Evaluation

5. Physical Safeguards
The security rule requires covered entities to
implement physical safeguards such as:
• Facility Access and Control
– Access can be restricted through use of access cards,
biometric scanners, keys, pass codes and so on
• Workstation and Device Security
– Develop and implement policies for workstation and device
security
– Implement unique password/user ids for each user
– Proper user logs and records should be maintained

6. Technical Safeguards
The security rule requires a covered entity to
implement technical safeguards such as:
• Access Controls
• Audit Controls
• Integrity Controls
• Transmission Security

7. Want to learn more about HIPAA, HIPAA Privacy and Security
Rule, its requirements and best practices to comply with
them? ComplianceOnline webinars and seminars are a great
training resource. Check out the following links:
• How to examine security policies, practices, and risk issues
to comply with HIPAA
• How to use social media and texting without breaking
HIPAA rules
• How to Conduct risk analysis to comply with HIPAA
• HIPAA/HITECH Assessment for Healthcare Business
Associates
• How to comply with HIPAA Omnibus Rule
• Understanding new rules and responsibilities of Privacy
Officer under HIPAA
• HIPAA Security and Breach Rule Compliance