Institute: ONC | Component: 2 | Unit: 9 | Lecture: d | Slide: 6
Institute: Office of National Coordinator (ONC) Workforce Training Curriculum
Component: The Culture of Health Care
Unit: Privacy, Confidentiality, and Security
Lecture: HIPAA Security Rule
Slide content: Required Safeguards
Grouped into three categories:
Administrative: Policies and procedures designed to prevent, detect, contain, and correct security violations
Physical: Protecting facilities, equipment, and media
Technical: Implementing technological policies and procedures
Following slides from Security 101
Slide notes: What are the required safeguards? They are grouped into three categories: administrative, physical, and technical. Administrative safeguards are policies and procedures that are designed to prevent, detect, and contain security violations. Physical safeguards include protecting facilities, equipment, and media where medical information is stored. Technical safeguards are various technical policies and procedures governing use of and access to PHI. The following slides show some features from each category, though these aren't exhaustive. The overview article referenced earlier further enumerates all of these safeguards, as do many other sources of information. Security risk assessment is very similar to the risk analysis presented in Lecture c on the HIPAA Privacy Rule. Oversight and management of both the security and privacy risk assessment ideally should tie into the organization's overall governance and risk management program.