Encryption is an addressable implementation specification defined in the Transmission Security Standard in the HIPAA Security Rule. This implementation specification requires that organizations implement a mechanism to encrypt EPHI whenever deemed appropriate.
Organizations need to determine:
- Is encryption reasonable and appropriate for EPHI in transmission?
- Is encryption needed to effectively protect the information?
- Is encryption feasible and cost-effective in this environment?
- What encryption algorithms and mechanisms are available?
- Does the covered entity have the appropriate staff to maintain a process for encrypting EPHI during transmission?
To assist you in the evaluation of an e-mail security, anti-virus, anti-spam, or content management solution that addresses your challenges and meets HIPAA Security requirements, please contact ecfirst.com/HIPAA Academy at 1.877.899.9974 x17 or email Lorna.Waggoner@ecfirst.com to schedule a conference call.
U.S. Government and Security – Complimentary Quick Reference Card Now Available from ecfirst.com, home of the HIPAA Academy.
The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act (Public Law 107-347). It was passed by the 107th U.S. Congress and signed into law by President George W. Bush in December 2002. FISMA requires each U.S. federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.
Further, the Homeland Security Presidential Directive 12 (HSPD-12) specifies identity management and access control practices for government employees and contractors. FISMA and HSPD-12 are resulting in organizations taking a risk-based, cost-effective approach to securing sensitive information and systems.
THE SEVEN STEPS TO HIPAA SECURITY COMPLIANCE – COMPLIMENTARY EXEC BRIEF PDF.
The HIPAA Security Rule identifies standards and implementation specifications that organizations must meet in order to become compliant. Organizations that access, store, maintain or transmit patient-identifiable information are required by law to meet the HIPAA Security Standards. The HIPAA Academy has developed a comprehensive methodology that includes seven critical steps to achieve complete compliance with the HIPAA Security Rule. For your copy of the executive brief PDF, The Seven Steps to HIPAA Security Compliance.
For more information, visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17, or visit www.HIPAAAcademy.net.
HIPAA Tip
1-Click Access to Security Regulations!
HIPAA Academy, the industry’s leading provider of HIPAA training, certification and consulting, has launched the industry’s most comprehensive compliance and security portal. Please visit www.ecfirst.com and click on Compliance Portal. Compliance Portal provides one-click access to all major information security and associated compliance requirements including HIPAA, PCI DSS, ISO 17799:2005 (ISO 27002), FISMA and many others.
On-Site HIPAA Training. Get HIPAA Academy to Your Site!
Save Time and Money
HIPAA Academy, the industry’s leading provider of HIPAA training, certification and consulting, has delivered content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified Security Compliance Specialist™ (CSCS™) to organizations at their site. Get HIPAA Certified at your site. We can customize the content to meet your requirements. Our clients include many hospitals, long-term care organizations, BCBS, several business associates and leading firms such as IBM, HP, E&Y, Kaiser Permanente and others. For details, please visit www.HIPAAAcademy.Net.