Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Security Rule
Slide content:Technical Safeguards: Access control: Unique user identification (R), Emergency access procedure (R), Automatic logoff (A), Encryption and decryption (A); Audit controls (R); Integrity mechanism to authenticate electronic PHI (A); Person or entity authentication (R); Transmission security: Integrity controls (A), Encryption (A)
Slide notes:The third and final category is technical safeguards. This includes issues such as access control. According to the specifications, every user of a system containing PHI is required to have a unique, personal user identification, and there needs to be emergency access to information when appropriate. One addressable specification is automatic logoff. Institutions must decide how quickly they want a system to automatically log off a user; in operational settings, different groups have different ideas on the length of time before automatic logoff should occur. Encryption and decryption are listed as addressable specifications because the developers of the HIPAA security regulations realized that the technology would be changing and that people within organizations would be able to make the best decisions on specific encryption and decryption needs. Audit controls are required under the technical safeguards, while integrity mechanisms that authenticate PHI are addressable. Authentication of the individual and/or the institution is a required specification; transmission security is addressable.