HLP Networks has blended the six-step risk management process of the National Institute of Standards and Technology (NIST) with the experience and wisdom of our staff to deliver a first-in-class approach to HIPAA compliancy. We remove the confusion and burden from protecting your data against accidental and intentional disclosure.
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is the most important and confusing information technology topic in the medical industry today. The Security Rule – the technical portion of the regulation – is just one small component of HIPAA. At a high level, the HIPAA Security Rule was designed to protect confidential medical information. However, the nitty-gritty details of compliancy can stir trepidation in even the most tenured technology professionals.
The HIPAA Security Rule is separated into six main sections. Each section includes standards and implementation specifications that must be addressed by a covered entity. The six sections are as follows:
- Security Standards: General Rules – Includes all general requirements
- Administrative Safeguards – Administrative actions to protect medical information
- Physical Safeguards – Physical measures to protect sensitive medical information
- Technical Safeguards – The technology that protects sensitive medical information
- Organizational Requirements – Standards for Business Associate contracts
- Policies/Procedures/Documentation Requirements – Implementation of appropriate policies

NIST Six-Step Risk Management Process
The Centers for Medicare & Medicaid Services (CMS) has been tasked with enforcing the HIPAA Security Rule, and it is beginning to flex its muscles. The first penalty for non-compliance was issued to Providence Health & Services in July 2008. Based on the 100k fine, CMS means business.