HIPAA Administrative Simplification Regulation Text, March 2013, page 64

electronic protected health information, and update documentation of such security measures in accordance with § 164.316(b)(2)(iii).

[68 FR 8376, Feb. 20, 2003; 68 FR 17153, Apr. 8, 2003; 78 FR 5693, Jan. 25, 2013]

§ 164.308 Administrative safeguards.

(a) A covered entity or business associate must, in accordance with § 164.306:

(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.

(ii) Implementation specifications:

(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.

(B) Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).

(C) Sanction policy (Required). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.

(D) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

(2) Standard: Assigned security responsibility. Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the covered entity or business associate.

(3)(i) Standard: Workforce security. Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.

(ii) Implementation specifications:

(A) Authorization and/or supervision (Addressable). Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.

(B) Workforce clearance procedure (Addressable). Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate.

(C) Termination procedures (Addressable). Implement procedures for terminating access to electronic protected health information when the employment of, or other arrangement with, a workforce member ends or as required by determinations made as specified in paragraph (a)(3)(ii)(B) of this section.

(4)(i) Standard: Information access management. Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.

(ii) Implementation specifications.

(A) Isolating health care clearinghouse functions (Required). If a health care clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.

(B) Access authorization (Addressable). Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.

(C) Access establishment and modification (Addressable). Implement policies and procedures that, based upon the covered entity’s or the business associate’s access authorization policies, establish, document, review, and modify a user’s right
Using the HIPAA MANUAL, read Section 164.308(a)(2) on page 64 regarding assigned security responsibility. Then read the scenario and answer the question below.
Scenario: Doctors Smith, Robinson, and Rose operate a small general practice in which they share equal ownership and responsibilities. Because they value the principle of equality, they decide that they will be equally responsible for ensuring their practice complies with HIPAA security rules.
1. Using and citing the relevant section(s) of the HIPAA Manual, what would you advise the doctors to do regarding responsibility for HIPAA security rule compliance? Why?
