If I'm reading this information correctly, it states that the care providers
are responsible for encrypting and decrypting electronically transmitted
information.

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-5555
541-998-5599 fax

----- Original Message ----- 
From: "Peter R." <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Wednesday, November 29, 2006 6:00 AM
Subject: Re: [WISPA] HIPAA


> A HIPAA consultant was at my luncheon yesterday. He pulled all this info
> for you:
>
> pulled a couple things below as background as well as the actual
> regulation. The one that pertains to this discussion is the last
> paragraph below. There is no strict rule as to how to secure and in
> actual fact, switched or dial-up networks are deemed more secure due to
> the random nature of the connection.
>
>
> http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2003_register&docid=fr20fe03-4.pdf
>
> The HIPAA Security Rule establishes specific requirements for securing
> all electronic protected health information (EPHI) -- while at rest (in
> servers or storage) or in motion (in transmission, wireless or wired).
>
> “Transmission security (refers to)… electronic protected health
> information is transmitted from one point to another, it must be
> protected in a manner commensurate with the associated risk.”
>
>
> § 164.312 Technical safeguards.
>
> A covered entity must, in accordance with § 164.306:
>
> (a)(1) Standard: Access control. Implement technical policies and
> procedures for electronic information systems that maintain electronic
> protected health information to allow access only to those persons or
> software programs that have been granted access rights as specified in §
> 164.308(a)(4).
>
> (2) Implementation specifications: (i) Unique user identification
> (Required). Assign a unique name and/or number for identifying and
> tracking user identity. (ii) Emergency access procedure (Required).
> Establish (and implement as needed) procedures for obtaining necessary
> electronic protected health information during an emergency. (iii)
> Automatic logoff (Addressable). Implement electronic procedures that
> terminate an electronic session after a predetermined time of
> inactivity. (iv) Encryption and decryption (Addressable). Implement a
> mechanism to encrypt and decrypt electronic protected health information.
>
>
> (b) Standard: Audit controls. Implement hardware, software, and/or
> procedural mechanisms that record and examine activity in information
> systems that contain or use electronic protected health information.
>
> (c)(1) Standard: Integrity. Implement policies and procedures to protect
> electronic protected health information from improper alteration or
> destruction. (2) Implementation specification: Mechanism to authenticate
> electronic protected health information (Addressable). Implement
> electronic mechanisms to corroborate that electronic protected health
> information has not been altered or destroyed in an unauthorized manner.
>
> (d) Standard: Person or entity authentication. Implement procedures to
> verify that a person or entity seeking access to electronic protected
> health information is the one claimed.
>
> (e)(1) Standard: Transmission security. Implement technical security
> measures to guard against unauthorized access to electronic protected
> health information that is being transmitted over an electronic
> communications network. (2) Implementation specifications: (i) Integrity
> controls (Addressable). Implement security measures to ensure that
> electronically transmitted electronic protected health information is
> not improperly modified without detection until disposed of. (ii)
> Encryption (Addressable). Implement a mechanism to encrypt electronic
> protected health information whenever deemed appropriate.
>
>
> Daniel L. Ruggles
> CISSP, CISM, CMC, IAM, PMP
>
> Principal
> Liaison Technologies, LLC
>
>
> -- 
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>

