Medicare Compliance & Reimbursement

HIPAA:

Top 5 Questions On The HIPAA Security Rule

Good news: CMS offers more guidance on HIPAA.

Security rule questions got you scratching your head? You may find what you're looking for on the Centers for Medicare and Medicaid Services' Web site. The agency listed 12 new and updated answers to frequently asked questions Aug. 12.
 
Here's the lowdown:
Does the Health Insurance Portability and Accountability Act allow for sending electronic protected health information in an e-mail or over the Internet? Sending PHI via e-mail or over the Internet is allowed as long as access is protected. Covered entities are required to implement policies and procedures that protect the integrity of PHI and guard against unauthorized access.

Do the security rule requirements for access control apply to employees who work from home? Yes. The automatic logoff specification or an equivalent alternative safeguard must be implemented. Policies and procedures authorizing access to PHI should also be in place.

What is the difference between risk analysis and risk management? Risk analysis may include taking a close look at all systems/applications that are used to access and house data, and classifying them by risk. Risk management, however, is the implementation of security measures to reduce the risk of losing or compromising PHI.

How will we know if our organization and our systems are compliant? Rest assured, no single HIPAA compliance strategy will fit every organization. Compliance includes performing a risk analysis, implementing reasonable security measures and documenting/maintaining policies, procedures and other required documentation.

Are we required to "certify" our organization's compliance? No specification requires you to "certify" compliance with the security rule standards. The evaluation standard requires a technical and non-technical evaluation that can be performed internally or by external "certification" services.
 
To view more FAQs, go to http://questions.cms.hhs.gov/cgi-bin/cmshhs.cfg/php/enduser/std_alp.php; under category 'HIPAA,' type 'security' in the search text.