I would like to know where the following was "lifted" from? What is
the original document?
1. The HIPAA Security Rule mandates the security of electronic medical
records (EMR). Unlike the Privacy Rule, which provides broader
protection for all formats that health information may take, such as
print or electronic information, the Security Rule addresses the
technical aspects of protecting health information. More specifically,
the HIPAA Security standards address these aspects of security:
2. What access does each form in your healthcare practice have to your
patients' PHI, or Protected Health Information?
3. Per Minimum Necessary Law which forms need which level of access to
be set. In other words which restrictions are needed so that access
of the minimum information necessary to do complete tasks and the rest
is not available AND is also secure from unauthorized individuals or
outside security risks?
4. Who are business associates - what is the minimum data they will
need and how is it transmitted * we may need to register them and sign
agreements that they will protect all minimum data received per HIPAA
laws - do they understand that you as a healthcare provider must
terminate business relations if they do not support and document HIPAA
confidentiality, policy and procedures manual documentation, and PHS
requirements?
5. How will you provide a notice of privacy practices to your clients
and employees, AND document that all have received these notices and
acknowledgements of procedures, and make this documentation available
to them on an ongoing basis?
6. How will you document and receive authorization from clients and
employees whenever PHI is disclosed to appropriate parties per HIPAA
laws-how will you allow them to review their PHI on request, make
changes they desire, and restrict access as they choose?
7. How will you train and test employees in HIPAA laws and your
individual policies and procedures-how will they be retrained should
they change positions, if you need to alter your policies and
procedures, or just address annual retraining to ensure respect for
HIPAA laws, comprehension and compliance?
8. Have you appointed a Privacy Officer to oversee all HIPAA laws and
how will they document and manage all functions required?