John Guillory
MIS565 Healthcare Security & Privacy
Professor Joseph Woodside
April 5, 2015
Overview of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
The HIPAA Privacy Rule is a baseline standard promulgated by the US Department of Health and Human Services (HHS) for the protection of health information; it applies to three sets of organizations, usually referred to as “covered entities” (US Dept. Health and Human Services). This document, dated April 5, 2015, is a formal contract with the Chief Compliance Officer of JFK Medical Center; it takes effect immediately and supersedes all other documents.
Relationship of Business Associates with Respect to Protected Health Information (PHI)
As the Chief Compliance Officer, it is very important that business associates (covered entities) make every effort to ensure the safekeeping of a patient’s health information. Three key areas affect whether a hospital receives its accreditation: the release of information; the protection of privacy, maintenance of confidentiality and protection of data security; and the management of sensitive health information. The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) requires compliance with these privacy and security rules, including that the 18 types of individual identifiers be secured at all times; this extends to electronic protected health information (ePHI).
Responsibilities/Functions the Business Associate Performs on Behalf of Tricat
As the Chief Compliance Officer, it is your responsibility to act for and represent Tricat by conducting a risk analysis consisting of the following steps: system characterization, threat identification, vulnerability identification and control analysis, likelihood determination, risk determination, control recommendations, and results documentation. Whenever a new system is installed, additional security measures for PHI must be applied; this is required under HIPAA.
References:
US Department of Health and Human Services. (2007). Security standards: Organizational policies and procedures and documentation requirements. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/pprequirements.pdf
US Department of Health and Human Services. (n.d.). Health information privacy: General overview. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/generaloverview.html
Semel, M. (2013, October 28). HIPAA Security Rule - Addressable, not optional. Retrieved from http://www.4medapproved.com/hitsecurity/hipaa-security-rule-addressable-optional/
Security risk analysis and management: An overview (updated). (n.d.). Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048622.hcsp?dDocName=bok1_048622