It’s time to start preparing for the next HIPAA hurdle—the security rule.
The security rule, which takes effect April 16, 2005, requires physician offices
to take appropriate steps to assure the security and confidentiality of their
patients’ electronic medical records and other protected health information.
The first and most practical
step in any HIPAA security rule compliance program is to designate a security
official. This process will be familiar to all physicians covered by HIPAA,
as they were required just last year to appoint a HIPAA privacy official.
For small to midsize
practices, the privacy official and security official can be the same individual.
Often this role is best handled by the office manager or administrator.
Larger organizations and hospitals may want to choose someone from their
IT department. The security official will need to be in a position of sufficient
authority to ensure that policies and procedures are implemented and that
sanctions are enforced when a violation occurs.
The security official
will be responsible for, among other things, periodically performing risk
analyses, implementing contingency plans in case of a security failure
or other emergency, and making sure only authorized individuals are able
to access the practice’s electronic records and systems.
For an overview of the
security rule, see ON-CALL document #1607, “HIPAA Security Rule.” ON-CALL
documents are free to members at CMA's members-only
website. Nonmembers can purchase ON-CALL documents from CMA's online
bookstore.
Detailed information
on security officials’ duties and requirements is included in the
CMA/PrivaPlan HIPAA Privacy and Security Toolkit. The toolkit also contains
all the information, forms and help you need to comply with the HIPAA privacy
rules and regulations. CMA members can purchase the toolkit for $325 (nonmember
price is $495).
For more HIPAA information,
visit the HIPAA Help Center.
Contact: CMA’s
legal information line, 415/882-5144 or legalinfo@cmanet.org.