HIPAA Security Should Begin with Your ePHI Inventory
HIPAA Security Rule is about protecting ePHI and ensuring the confidentiality, integrity, and accessibility of this sensitive information. The rule provides for administrative, physical and technical safeguards. It also includes terminology such as security Evaluation (45 CFR 164.308 (a) (8) and Risk Analysis (45 CFR 164.308 (a)(1)(ii)(A) which can lead to some confusion among those not deeply familiar with the nuances of the rule. There are other resources such as NIST 800-30 that provide a more detailed framework for conducting risk analysis. This article in Healthcare ITNews provides a set of steps for covered entities to follow as best practice for protection of patient information and addressing risk analysis requirement for meaningful use funding.
About IDX
We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.