HIPAA
HIPAA Implementation
Clearance must be obtained before accessing systems containing ePHI, and measures must be implemented to limit access to ePHI and revoke access when individuals change roles or leave the organization.
Conduct risk analyses, implement measures to reduce risks and vulnerabilities, implement a workforce sanctions policy, and implement review procedures.
The HIPAA Security Officer is in charge of making, implementing, and enforcing Security Rule policies and processes. The HIPAA Security Officer may play also the role of HIPAA Privacy Officer.
This standard also includes implementation specifications for automatic logoff, encryption, and emergency access procedures, in addition to user identification and password management.
In addition to the preceding standard, controls must be implemented to prevent unlawful modification or destruction of ePHI. This is for the purpose of mitigating both internal and external hazards.
In contrast to the Integrity Controls standard, which applies to ePHI when accessed by an authorized user, this standard requires the implementation of safeguards to ensure the integrity of ePHI in transit and prevent its unauthorized destruction.
