NY Times Article Highlights Need to Focus on and Safeguard HIPAA Protected Health Information (PHI) Identifiers

August 11, 2014.  The August 10, 2014, Sunday, New York Times had a front-page article by Anemona Hartocollis entitled:  “Baby Picture at Doctor’s?  Cute, Sure, but Illegal.”  We commend this article to your attention because what is seemingly innocuous can be a violation of privacy under the HIPAA Administrative Simplification Rules.  The federal Code of Federal Regulations (CFR) lists 18 identifiers that comprise, alone or in combination, protected health information, or PHI, that must be removed to ensure that it cannot be used to identify “individually identifiable health information”.  [45 CFR 164.514(a)-(c)]  These identifiers are:

 

CFO Magazine Highlights Cost of Safeguards in Article on McKinsey Research: The Rising Strategic Risks of Cyber Attacks

Earlier this month, we commended your attention to the referenced McKinsey Research, which CFO Magazine has picked up in its online May 16, 2014, weekly briefing at http://ww2.cfo.com.  I revisit the McKinsey Research in this article because it has an important statement regarding the costs of security measures as stated in the Flexibility of Approach general requirements for complying with the HIPAA Security Rule at 45 CFR 164.306(b):

 

How to Manage Passwords: A Cautionary Tale

HIPAA Safeguard commends to the attention of Security Officials of covered entities and business associates and to individual workforce members of those organizations the May 6, 2014, Wall Street Journal article entitled:  “The Best Way to Manage All Your Passwords:  Rating Secure Password Managers Dashlane, LastPass, 1Password, PasswordBox,” which is online at:  http://online.wsj.com/news/articles/SB10001424052702303647204579545801399272852?mod=WSJ_article_EditorsPicks.   Under the HIPAA Security Rule, the Security Official is responsible for implementing policies and procedures—based on findings from a risk analysis—for managing passwords under the Administrative Safeguard Security Awareness and Training standard:

ONC Provides Security Risk Assessment Tool: (3)—Technical Safeguards

The Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) has created a Security Risk Assessment Tool in three parts—Administrative Safeguards, Physical Safeguards, and Technical Safeguards, totaling 436 pages.  Technical Safeguards is the third of three postings on these safeguard tools, is 140 pages in length, and can be downloaded at:  http://www.healthit.gov/providers-professionals/security-risk-assessment-tool by clicking on:  Technical Safeguards [DOCX 240 KB] just above the disclaimer at the bottom of the page.

ONC Provides Security Risk Assessment Tool: (2)—Physical Safeguards

The Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) has created a Security Risk Assessment Tool in three parts—Administrative Safeguards, Physical Safeguards, and Technical Safeguards, totaling 436 pages.  Physical Safeguards is the second of three postings on these safeguard tools, is 104 pages in length, and can be downloaded at:  http://www.healthit.gov/providers-professionals/security-risk-assessment-tool by clicking on:  Physical Safeguards [DOCX 225 KB] just above the disclaimer at the bottom of the page.

 

Categories



Archives

  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)