HIPAA Security and Electronic Signature Standards
Security is an important part of HIPAA. Although the final Security rules (known as Standards) had not been released in final form as of October 2002, the proposed Standard has been available since 1998. All Covered Entities and Business Associates are affected by the Standards.
In this age of computers, most organizations are vulnerable to attackers, both internal (on the local area network) and external (if they are connected to a wide area network or to a service provider for web access).
If Protected Health Information (PHI) is stored electronically, you must develop:
- Documented policies and procedures for receipt, storage, dissemination, manipulation, transmission and disposal of PHI
- Documented policies and procedures for granting access to PHI
- A contingency plan for systems that store PHI, to include a disaster recovery plan, a data backup plan, a plan for operating under emergency conditions and a testing/revision procedure
- Documented policies to ensure the security of information systems, including (but not limited to) virus checking, installation and maintenance review, and system documentation
- Formal procedures for reporting/resolving security violations
- Documented procedures for ending access when an employee leaves the organization
- Documented procedures and policy for computer use and security (workstation location, logging off when an employee steps away, etc.)
In addition to protecting computerized PHI, physical PHI must also be protected from unauthorized access. You will need to develop:
- Documented policy and procedures for controlling physical media (records, charts, x-rays, etc.)
- Documented policy and procedures for controlling human access to physical media
Finally, you must provide Security Awareness Training for all employees and contractors who might come into contact with PHI.
Special Note:
Standards for Electronic Signatures will not appear in the final HIPAA Security Standards. The proposed rule does not require the use of electronic signatures. If electronic signatures are used, however, they must:
- Assure message content integrity
- Guarantee the signer’s identity
- Be cryptographically based
- Make it difficult for the signer to later claim that they did not sign the document (non-repudiation)
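The four properties above are exactly what a public-key digital signature provides, and the small program below is an added illustration of them (it is not code from the page or from G&G Technologies, and the proposed rule names no particular algorithm). It assumes Ed25519 from the Go standard library and a hypothetical directory mapping each signer's user ID to a trusted public key. A genuine signature verifies; an altered record, a record relabeled with another signer's name, a signature produced with someone else's key, and a signer missing from the directory are all rejected. The sample record and user IDs are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedRecord carries a record together with the claimed signer's identity
// and a detached Ed25519 signature over (signer ID + record).
type SignedRecord struct {
	SignerID  string
	Record    []byte
	Signature []byte
}

// signingInput binds the signer's identity to the record bytes so that a
// valid signature cannot simply be relabeled as another person's signature.
func signingInput(signerID string, record []byte) []byte {
	msg := []byte(signerID)
	msg = append(msg, 0) // NUL separator between identity and record
	return append(msg, record...)
}

// SignRecord produces the electronic signature with the signer's private key.
// Only the holder of that private key can produce a signature that verifies
// under the matching public key, which is the basis for non-repudiation.
func SignRecord(priv ed25519.PrivateKey, signerID string, record []byte) SignedRecord {
	return SignedRecord{
		SignerID:  signerID,
		Record:    append([]byte(nil), record...),
		Signature: ed25519.Sign(priv, signingInput(signerID, record)),
	}
}

// VerifyRecord checks a signed record against a directory of trusted public
// keys (hypothetical; in practice this would be the organization's key store).
// It returns false if the signer is unknown, the record was altered after
// signing, or the signature was made with a different key.
func VerifyRecord(directory map[string]ed25519.PublicKey, sr SignedRecord) bool {
	pub, ok := directory[sr.SignerID]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, signingInput(sr.SignerID, sr.Record), sr.Signature)
}

// Demo exercises the integrity, identity and non-repudiation checks and
// returns each outcome by name so the results can be asserted on.
func Demo() map[string]bool {
	// Constructed sample: two clinicians, each with their own key pair.
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	directory := map[string]ed25519.PublicKey{"dr.alpha": pubA, "dr.beta": pubB}

	record := []byte("patient: 0001; note: follow-up in 2 weeks") // constructed sample record
	signed := SignRecord(privA, "dr.alpha", record)

	results := map[string]bool{}
	results["genuine_verifies"] = VerifyRecord(directory, signed)

	// Integrity: change one byte of the record after it was signed.
	tampered := signed
	tampered.Record = append([]byte(nil), record...)
	tampered.Record[len(tampered.Record)-1] = '3'
	results["tampered_rejected"] = !VerifyRecord(directory, tampered)

	// Identity binding: present dr.alpha's signature as if dr.beta had signed.
	relabeled := signed
	relabeled.SignerID = "dr.beta"
	results["relabeled_rejected"] = !VerifyRecord(directory, relabeled)

	// Non-repudiation: dr.beta's key cannot produce a signature that verifies as dr.alpha.
	forged := SignRecord(privB, "dr.alpha", record)
	results["forged_rejected"] = !VerifyRecord(directory, forged)

	// Unknown signer: no trusted public key on file.
	unknown := SignRecord(privA, "nobody", record)
	results["unknown_rejected"] = !VerifyRecord(directory, unknown)

	return results
}

func main() {
	for name, ok := range Demo() {
		fmt.Printf("%-20s %v\n", name, ok)
	}
}
```

The key design point is that the signer's identity is included in the signed bytes: verifying a bare signature over the record alone would prove integrity but not who signed, since the same signature could be filed under a different name. Key management (how the directory is populated, and how a departing employee's key is revoked) is what ties this back to the access-termination procedures listed earlier on the page.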
Contact G&G Technologies, Inc. for assistance with your HIPAA Security Compliance. Our specialists can help you prepare for meeting the deadline (not yet published).