Security rule purposes

The security of a system is a combination of its ability to support:

· System availability
· Data integrity
· Data confidentiality

A failure of a system to protect any of these creates a security violation or weakness.

> Availability: system availability is whether a system is available for use by its intended users.
> Integrity: data integrity is whether the information stored on a system is reliable and can be trusted.
> Confidentiality: data confidentiality is whether the information stored on a system is protected against unintended or unauthorized access.

The HIPAA Security Rule applies only to information that a provider (Physician, Home Care Agency, Hospital, etc.) creates, receives, transmits, or stores electronically. In this case the Protected Health Information is called Electronic Protected Health Information (or e-PHI).

There are four legal obligations in the rule:

1. Ensure the confidentiality, integrity, and availability of the e-PHI
2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information
3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law
4. Ensure compliance with this subpart by its workforce