technical safeguards, security (HIPAA)
HIPAA's Security Rule divides its protections into three "safeguard" categories: technical (discussed here), administrative and physical. Each safeguard category includes various standards and implementation specifications.

The Rule defines technical safeguards as "the technology and the policy and procedures for its use that protect electronic protected health information [PHI] and control access to it." Earlier versions of the Rule further divided the category into "technical security mechanisms" and "technical security services."

The technical safeguards standards and specifications are presented in the matrix below. (For more information on a particular standard, follow the link in the left column.) Note that the listing is very generic, reflecting the regulation's aims of "technology neutrality" and "scalability."
| Standard(s) | CFR section | Implementation Specification: (r)=required; (a)=addressable |
|---|---|---|
| access control | 164.312(a)(1) | unique user identification (r) |
| | | emergency access procedure (r) |
| | | automatic logoff (a) |
| | | encryption and decryption (a) |
| audit controls | 164.312(b) | (r) |
| integrity | 164.312(c)(1) | mechanism to authenticate electronic PHI (a) |
| person or entity authentication | 164.312(d) | (r) |
| transmission security | 164.312(e)(1) | integrity controls (a) |
| | | encryption (a) |

Source: Appendix A to Subpart C of Part 164