Establishment of IT Controls for the HIPAA Security Rule

The Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, is designed to allow employees to change jobs without concern about continuation of health insurance coverage, provide improved access to health insurance for patients, reduce inefficiencies in the health care industry, and protect the electronic health information of patients.

This document identifies how the TIBCO LogLogic Compliance Suite satisfies specific requirements of the HIPAA Security Rule, which directs that:

  • The Department of Health and Human Services (HHS) Medicare Program,
  • Other Federal agencies operating health plans or providing health care,
  • State Medicaid agencies,
  • Private health plans,
  • Health care providers and
  • Health care clearinghouses

assure their patients that the integrity, confidentiality, and availability of Electronic Protected Health Information they collect, maintain, use, or transmit is protected. Today, the amount of electronic health information is staggering and its integrity, confidentiality and availability are threatened by worms, viruses, unauthorized disclosure and misuse.

The HIPAA Security Rule requires that Covered Entities implement various standards to safeguard electronic health information. HIPAA Implementation Specifications are either required (R) or addressable (A). If an Implementation Specification is “required”, the Covered Entity must implement that Implementation Specification. If the Implementation Specification is “addressable”, the Covered Entity must:

Assess whether each Implementation Specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the entity’s Electronic Protected Health Information; and, as applicable to the entity:

  • Implement the Implementation Specification if reasonable and appropriate; or
  • If implementing the Implementation Specification is not reasonable and appropriate:
    • Document why it would not be reasonable and appropriate to implement the Implementation Specification
    • Implement an equivalent alternative measure if reasonable and appropriate

A large portion of the HIPAA Security Rule Standards and Implementation Specifications can be directly satisfied or enhanced by use of the TIBCO LogLogic Compliance Suite. This document explains which HIPAA Standards and Implementation Specifications are satisfied by the TIBCO LogLogic Compliance Suite and how.