Institute: ONC | Component: 2 | Unit: 9 | Lecture: d | Slide: 11
Institute: Office of National Coordinator (ONC) Workforce Training Curriculum
Component: The Culture of Health Care
Unit: Privacy, Confidentiality, and Security
Lecture: HIPAA Security Rule
Slide content: Other Regulations
- Business associates and subcontractors are required to
  - Implement safeguards to protect covered entity's PHI
  - Ensure its agents meet same standards
  - Report to covered entity any security incident
- Documentation of covered entity must be
  - Maintained for six years
  - Available to those responsible for implementing
  - Reviewed and updated periodically
- HITECH meaningful use criteria specify use of various encryption standards (e.g., AES, TLS, IPsec, SHA-2)
Slide notes: Business associates and all related subcontractors are required to implement safeguards to protect a covered entity's PHI and report back to the covered entity any security incident. Business associates and subcontractors are subject to all breach notification rules when the number of patient records breached exceeds five hundred; that is, the breach must be reported to the local media and to the HHS Office for Civil Rights. There are also regulations regarding the documentation of entity security practices and procedures that must be maintained for six years. The documentation must be made available to those responsible for implementing security, and it must be reviewed and updated periodically. The meaningful use criteria of the HITECH Act also specify various government encryption standards, discussed in a previous lecture, such as advanced encryption standard (AES), the standard for encryption and decryption; transport layer security (TLS) and Internet Protocol Security (IPsec) [eye-pee-sehk], which cover how information moves across networks; and the latest secure hash algorithms (SHA-2) [S-H-A-two], which verify that information is transmitted intact from one point to another.