Texas Medical Systems


HIPAA

 

ADMINISTRATIVE POLICIES AND PROCEDURES

This section of the regulations establishes a management structure that identifies roles and responsibilities for security oversight and operational aspects of data management. This formalized plan demonstrates the organization's commitment to safeguard protected health information (PHI). The plan has established security goals that facilitate prevention, detection, containment and correction of security breaches. All covered entities must document the execution of the compliance plan, including regular reports to senior management about the program and education on how security values, policy and processes are effectively communicated to employees.

PHYSICAL SAFEGUARDS

All covered entities will be required to ensure the physical safety of PHI as well as the hardware used to store and transmit it. These measures include physical access and media controls, secure workstation locations and detailed policies and guidelines on workstation use. These guidelines will include measures such as supervision of contractors in secure areas, maintaining an audit trail of all access and establishing appropriate controls when sending equipment off site. All employees should be trained in appropriate physical safeguard and security practices.

TECHNICAL SECURITY SERVICES

Technical security services protect, control and monitor access to information. These include the authentication of data and entities involved in transaction processing as well as establishing and maintaining audit controls.

TECHNICAL SECURITY MECHANISMS

The prevention of unauthorized access to electronically transmitted data is provided by technical security mechanisms. These establish procedures regarding communications and network controls for data in transit that include integrity controls, alarms and adverse event reporting.

HIPAA REGULATIONS: COMPLIANCE SCHEDULE

The Department of Health and Human Services has published Notices of Proposed Rule Making (NPRM) and is in the process of publishing the final rules, as well as implementation guidelines for each of the HIPAA-related regulations. The following summarizes the current status and timing for each of the HIPAA regulations:

HIPAA Category                        Compliance Date
EDI Transactions and Code Sets        October 16, 2002 or 2003 with ASCA Extension
Claims Attachments                    Unknown
National Provider Identifier          Unknown
Standard Unique Employer Identifier   July 30, 2004
National Health Plan Identifier       Unknown
National Individual Identifier        Unknown
Data Security                         Unknown*
Patient Privacy                       April 14, 2003
Enforcement                           Unknown

*It is anticipated that the data security regulations will be finalized in 2002.

 
Copyright 2006 — Texas Medical Systems Inc.