As the healthcare industry continues to grow and change, technology advancements pose new security challenges for organizations who must ensure that electronic protected health information (ePHI) is secure. Security standards and technical safeguards are established and critical to reduce internal and external risks.
It is required by HIPAA's Security Rule (Security Standards for the Protection of Electronic Protected Health Information, found at 45 CFR Part 160 and Part 164, Subparts A and C), for all covered entities to comply with these standards and certain implementation specifications. For more information and to review the specific requirements of the Security Rule, click here.
All MaxMD products are 100% compliant with HIPAA's Security Standards and Technical Safeguards relative to the use, transmission, storage, and protection of ePHI:
-
STANDARD164.312(a)(1) Access Control.
A covered entity is required to; "Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been grant
ed access rights as specified in 164.308(a)(4) [Information Access Management]".
-
EMERGENCY ACCESS PROCEDURE (R) - 164.312(a)(2)(ii)
"Requires a covered entity to: Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency."
-
AUTOMATIC LOGOFF (A) - 164.312(a)(2)(iii)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must: "Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity."
-
ENCRYPTION AND DECRYPTION (A) - 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must: "Implement a mechanism to encrypt and decrypt electronic protected health information."
-
STANDARD 164.312(b) Audit Controls
The Audit Controls standard requires a covered entity to: "Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information."
-
STANDARD 164.312(c)(1) Integrity
The Integrity standard requires a covered entity to: "Implement policies and procedures to protect electronic protected health information from improper alteration or destruction." There is one addressable implementation specification in the Integrity standard.
-
MECHANISM TO AUTHENTICATE ELECTRONIC PROTECTED HEALTH INFORMATION (A) - 164.312(c)(2)
The covered entity must: "Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner."
-
STANDARD 164.312(d) Person or Entity Authentication
This standard requires a covered entity to: "Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed."
-
STANDARD 164.312(e)(1) Transmission Security
This standard requires a covered entity to: "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network."
-
INTEGRITY CONTROLS (A) - 164.312(e)(2)(i)
The covered entity must: "Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of."
-
ENCRYPTION (A) - 164.312(e)(2)(ii)
The covered entity must: "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate."