|  | Healthcare Industry | General Healthcare Industry

HIPAA Functional Network System Requirements

Health care providers, health care plans, health care clearinghouses and Medicare prescription drug card sponsors that transmit patient information electronically are required to adhere to the Health Insurance Portability and Accountability Act Security Rule. The HIPAA Security Rule was established to protect the confidentiality, availability and integrity of EPHI, or Electronic Protected Health Information, submitted through functional network systems.

  1. General Rules

    • "Security Standards: General Rules" as listed in the HIPAA Security Rule section stipulate that network systems transmitting EPHI must ensure the confidentiality, integrity and availability of EPHI that it creates, receives or transmits. Furthermore, protection against reasonably anticipated threats or hazards to the security or integrity, as well as protection against reasonably anticipated uses or disclosures of EPHI that are not permitted by the privacy rule, must be also be ensured.

    Administrative, Physical and Technical Safeguards

    • Administrative safeguards stipulate that actions, policies and procedures to manage the selection, development, implementation and maintenance of security measures to protect EPHI, as well as manage the conduct of the covered entity's workforce, must be maintained.

      Physical safeguards are described as the physical measures, policies and procedures necessary to protect a covered entity's EPHI. Furthermore, related buildings and equipment must also be safeguarded from natural and environmental hazards.

      Technical safeguards include the technology--and the policy and procedures for its use--that protect EPHI and control access to it, which also protects it against unauthorized intrusions.

    Organizational and Documentation Requirements

    • The Security Rule mandates that policies and procedures documentation show the implementation of rules and regulations to comply with the standards, implementation specifications and other requirements.

      Organizational requirements include setting standards for business associate contracts and other arrangements, which are properly documented. A process that shows all employees are aware of the implemented standards and rules must also be documented. All memos of understanding between a covered entity and a business associate when both entities are government organizations, as well as requirements for group health care plans, must also show acknowledgment by employees of the rules and regulations set forth by the employer.

      Written documentation (which may be electronic) and/or records that include policies, procedures, actions, activities or assessments required by the Security Rule must be maintained. Finally, retention, availability and update requirements related to all, including employee, acknowledgment.

General Healthcare Industry - Related Articles