
Tip of the month of December, 2007 - Week 2

TRANSMISSION SECURITY POLICY

As you know, the objective of the Transmission Security (§ 164.312(e)(1)) HIPAA Standard is for covered entities to implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. This requires that organizations develop policies and procedures to address this HIPAA Security Standard.

You need to determine:

  • Have the requirements been discussed and agreed to by identified key personnel involved in transmitting EPHI?
  • Has a written policy been developed and communicated to system users?

Organizations must develop their policies to address requirements in this area. For example, sample statements that may be included in a Transmission Security Policy are:

  • <<Organization name>> will develop security policies to identify core activities for the Integrity Controls and Encryption implementation specifications.
  • <<Organization name>> will maintain integrity controls to ensure the validity of information transmitted over the network infrastructure.
  • <<Organization name>> will implement encryption or other capabilities to protect sensitive information transmissions over open or private networks to ensure that such transmissions are not easily intercepted and interpreted by parties other than the intended recipient.

ISO 27002: International Security Standard

Besides the U.S. regulations that organizations must comply with, a valuable reference to be familiar with is ISO 27002 (ISO 17799:2005), the international security standard. For a free quick reference card on the ISO 27002 international security standard, please contact AHA Solutions at technologysolutions@aha.org.

For more information, visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17, or visit www.HIPAAAcademy.net.


HIPAA Tip

COMPLIMENTARY 2-DAY CHP PROGRAM DELIVERED AT YOUR SITE

Get HIPAA certified at your site. For a complimentary 2-day Certified HIPAA Professional (CHP) program delivered at your site, please contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net. Only qualified organizations will be considered. Session will be confirmed after review by the HIPAA Academy. Certain terms and conditions apply. To schedule your complimentary 2-day CHP program on-site, please contact AHA Solutions at technologysolutions@aha.org.

INFORMATION SECURITY POLICY TEMPLATES

For a complete set of information security policy templates to address compliance and security requirements, please visit www.ecfirst.com. Hundreds of organizations have downloaded these templates to create tailored policies for their organization. To discuss your requirements, please contact Lorna.Waggoner@ecfirst.com or call her at 1.877.899.9974 x17.

 

 

Last updated: November 28, 2007