Oct 7, 2020
Patient confidentiality is one of the most important aspects of the relationship between a healthcare provider and a patient. Confidentiality strengthens the trust in a patient-physician relationship and ensures the quality of care and patient autonomy. Prior to the implementation of HIPAA, the healthcare industry lacked a set standard or requirements regarding the protection of health information. At the same time, the industry was moving towards implementing technology to process clinical and administrative tasks. The increased use of technology within the industry has allowed for a more efficient and accessible system. However, it has also increased the risk of potential breaches in privacy.
Why was the Security Rule created?
To help combat potential security risks, the HIPAA Security Rule was created under the Health Insurance Portability and Accountability Act of 1996. This law required the U.S. Department of Health and Human Services (HHS) to devise regulations to help protect the privacy and security of patients’ health information. The Security Rule specifically was created to protect information and set a standard for how Electronic Protected Health Information (e-PHI) is held and transmitted. The Security Rule addresses technical and non-technical safeguards surrounding e-PHI and how organizations known as “covered entities” put these safeguards into place.
What information is protected under the Security Rule?
The Security Rule is intended to protect a subset of “individually identifiable health information” covered by the Privacy Rule that is also created, received, maintained, and transmitted through electronic means. Individually identifiable health information includes, but is not limited to, name, address, date of birth, social security number, and the individual’s past, present or future physical or mental health or condition. If the health information is “de-identified”, meaning the individual’s identity cannot be revealed, the information is no longer required to be protected under the Security Rule.
What does the Security Rule entail?
The Security Rule describes the administrative, physical, and technical safeguards that should be put in place to protect patient in.
Administrative safeguards include;
Physical Safeguards
Technical Safeguards
Who is required to implement the Security Rule?
The Security Rule only applies to “covered entities” as defined by the HHS. Covered entities include health plans, healthcare clearinghouses, and healthcare providers. Other entities are covered under the Security Rule but are held to the same expectations.
What are the ramifications for not implementing the Security Rule?
Noncompliance with the Security Rule can result in civil money penalties and/or criminal penalties. Civil money penalties are imposed by the HHS and can range from $100 up to $25,000 per year for multiple violations. Criminal penalties range from $50,000 to $250,000 and may be accompanied by imprisonment for 1-10 years, based on the violation and intent. Willful neglect and violations carry greater penalties and punishments.
How to assess Security risk?
The Office of the National Coordinator for Health Information Technology (ONC) and the HHS have developed tools that reveal potential risks within a covered entity’s system. To check that your entity is compliant with the Security Rule, you can use the Security Risk Assessment Tool.
How to ensure compliance to the Security Rule?
It is important that all members handling Personal Health Information within a covered entity are adequately trained and compliant with the rules and regulations of HIPAA.
To learn more about Healthcare Compliance, the Accreditation Council for Medical Affairs offers a 90-minute attestation on HIPAA Privacy, HIPAA Security, Fraud and Abuse, PhRMA Code, and AdvaMed Code of Ethics.