Question

Name and describe 4 Access Safeguards in computer systems in healthcare?

Answer 1

Hospitals may be large and complex organizations, but they have covered entities like any other and therefore beholden to the HIPAA Security Rule in the same way as any other covered entity. HIPAA is written vaguely specifically to facilitate giant hospitals complying with the same law as single practice providers.

The HIPAA Security Rule “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information.” Those safeguards comprise the requirements around what constitutes appropriate controls for protecting patient data.

The HIPAA Security Rule describes administrative safeguards as policies and procedures designed “ to manage the selection, development, implementation, and maintenance of security measures to protect electronically protected health information.

Technical Safeguards:

1. Access Control
2. Audit Controls
3. Integrity
4. Authentication
5. Transmission Security

Physical Standards:

1. Facility Access Controls
2. Workstation Use
3. Workstation Security
4. Device and Media Controls

Administrative Safeguards

1. Security Management Process
2. Assigned Security Responsibility
3. Workforce Security
4. Information Access Management
5. Security Awareness and Training
6. Security Incident Procedures
7. Contingency Plan
8. Evaluation
9. Business Associate Contracts and Other Arrangements

Physical Safeguards:

Unauthorized staff should not be able to access PHI. In the world of paper charts, this meant that you would need to lock doors and keep paper charts in an area that was restricted to authorized personnel. With computers becoming more common, physical safeguards also apply to workstation access controls and device/disk controls. In short, only authorized users should be able to access any data from a workstation that has access to PHI.

Technical Safeguards: These are the mechanisms by which you manage access and protect patient data. These safeguards cover areas like encryption, audit logging, intrusion detection/vulnerability scanning, and data integrity.

Administrative Safeguards: The organization needs to have personnel, policies and plans to manage PHI. Employees that handle PHI need to be trained on how to handle PHI appropriately. We will likely need to have policies for things like incidents, breaches, disaster recovery, employee onboarding/offboarding, training, and more. All the tech in the world doesn’t matter if someone just goes and emails PHI or yells patient names and conditions in the hallway, so it’s worth noting that these are not worth understating.

We have a look for the technical safeguards:

Access Control: According to this policy only an authorized person has been allowed to access the electronic health information of the patients. Thus by this policy, we can protect all the electronic personal records and health information of the patients.

Audit Controls: This policy can be implemented in the hardware or the software of the electronic health information system or e-PHI.

Integrity Controls: Through this policy, we can ensure that electronic patient health information can be safe and cannot be altered or destroyed.

Transmission Security: Through this policy, we can safely transfer the e-PHI through an electronic network.