Sorry, you have Javascript Disabled! To see this page as it is meant to appear, please enable your Javascript! See instructions here

HIPAA Security Rule: HIPAA 101 Review

MARLENE MAHEU, PhD

December 13, 2019 | Reading Time: 1 Minutes

 531

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Under the Health Insurance Portability and Accountability Act (HIPAA), telehealth practices are considered covered entities (CEs). As a HIPAA covered entity, the HIPAA Security Rule applies to telehealth practices.

What is the HIPAA Security Rule?

The HIPAA Security Rule requires organizations working in healthcare to secure protected health information (PHI), maintaining the confidentiality, integrity, and availability of PHI.

Confidentiality: PHI cannot be disclosed to unauthorized individuals.
Integrity: PHI cannot be altered or destroyed without proper authorization.
Availability: PHI must be easily accessible to authorized individuals.

Covered entities have an obligation to adhere to the following in accordance with the HIPAA Security Rule:

Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against impermissible uses or disclosures of ePHI that are reasonably anticipated; and
Ensure compliance by their workforce.

In addition to these standards, it is a requirement of the HIPAA Security Rule to have administrative, physical, and technical safeguards in place.

Administrative: requires a security risk assessment (SRA) to be performed to identify gaps in security measures.
Physical: are the measures that are put in place to secure physical location including alarms and cameras.
Technical: are measures that secure an organization’s network including encryption, firewalls, and data backup.

Although the HIPAA Rule does not mandate specific safeguards to be in place, covered entities (CEs) must implement measures that are reasonably appropriate for their organization. When deciding what protection to implement, the following should be considered:

Their size, complexity, and capabilities;
Their technical hardware, and software infrastructure;
The costs of security measures; and
The likelihood and possible impact of the potential risk to ePHI.

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Telehealth Courtroom Realities: How to Stay Out of Legal Hot Water

Developed by a senior litigating telehealth attorney for the defense, this eye-opening telehealth training experience will help the clinician avoid the harsh realities of a courtroom.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.