HIPAA Information on Security Requirements and Vulnerability Assessment Required
The Health Insurance Portability and Accountability Act (HIPAA) establishes security and vulnerability assessment requirements to protect electronic health information. The security requirements include both technical and nontechnical safeguards for electronic health information. Vulnerability assessments help determine which safeguards are appropriate for each health care provider or organization.
Protected Information
HIPAA security requirements apply to all identifiable health information that is stored, transferred, or transmitted electronically. Individually identifiable health information includes, but is not limited to, names, addresses, health insurance information, payment information, health history, treatment plans, diagnoses, Social Security numbers, and phone numbers.
Technical Safeguards
The technical requirements apply to computers and other electronic devices that contain health information. Health care organizations must install electronic security hardware or software, protect transmissions over electronic networks, and restrict access to electronic health information to the few individuals who are authorized. HIPAA also requires written policies and procedures documenting these electronic security measures.
Nontechnical Safeguards
Designate a security officer who is responsible for security policies and procedures. Provide HIPAA security training on a regular basis, typically annually. Restrict access to all areas, granting it only to those employees or patients for whom it is absolutely necessary; this includes work areas and exam rooms.
Vulnerability Assessment
HIPAA requires continual vulnerability assessments that review, track, record, and evaluate security measures for risks, incidents, and effectiveness. The vulnerability assessment plan should be included with the policies and procedures. Typically, the security officer writes, develops, and implements the vulnerability assessment on a quarterly basis.