Under the HIPAA Security Rule, covered entities must implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. One type of security safeguard that must be implemented is known as “technical safeguards.”
What Are HIPAA Security Rule Technical Safeguards?
HIPAA Security Rule technical safeguards are defined as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”
To properly implement HIPAA Security Rule technical safeguards, a covered entity must (among other things) develop (among other measures, such as encryption) effective access control measures.
What Are Access Control Measures?
Access control measures are policies and procedures for electronic information systems (i.e., information resources that share common functionality; a system typically includes hardware, software, information, data, applications, communications, and people) that maintain the confidentiality (as well as integrity and availability) of ePHI, by ensuring that only those individuals who require access to ePHI, are able to access that PHI. In other words, access must be granted on a “need to know” (in the HIPAA context, “need to access”) basis.
This “need to access” rule requires that covered entities assign a unique name and/or number for identifying and tracking user (employee) identity. Each employee whose job requires logging onto electronic systems that contain ePHI, must be assigned a unique login ID or user ID. A covered entity may not assign the same login ID to multiple employees. This way, system access activity can be identified and tracked.
What Covered Entities Must Assign Unique Login IDs?
All covered entities, including small or large health provider offices, health plans, group plans, and healthcare clearinghouses, must assign unique login IDs as part of their implementation of HIPAA Security Rule technical safeguards.
Compliancy Group Simplifies HIPAA Compliance
Covered entities can address their obligations under the HIPAA Security Rule by working with Compliancy Group to develop required Security Rule safeguards, including technical safeguards.
Our ongoing support and web-based compliance app, The Guard™, gives healthcare organizations the tools to address HIPAA Security Rule standards so they can get back to confidently running their business.
Find out how Compliancy Group has helped thousands of organizations like yours Achieve, Illustrate, and Maintain™ their HIPAA compliance!
