HIPAA
HIPAA Business Associate Agreements and Outsourcing Issues
HIPAA’s requirements with respect to business associates are directly relevant to companies and vendors that enter into an outsourcing relationship. HIPAA mandates numerous precautions, restrictions, and obligations of which the vendor, as a business associate, must be aware. Vendors must agree to comply with the same stringent confidentiality, security, and transfer restrictions that the HIPAA Rules impose on their clients that are covered entities. For example, being able to respond, within the regulatory time frames, to a patient’s request for an accounting of the disclosures of the patient’s information in the vendor’s custody requires having in place the technology, structure, and personnel necessary to handle the request.
A vendor that offers services to HIPAA-covered entities should take into account the requirements, restrictions, and obligations set forth in the HIPAA Privacy Rule and Security Rule before preparing a proposal for outsourcing services. For its part, the customer should ensure that the vendor will be able to assist in compliance, respond to the
Comparison of eight Governance Risk Control (GRC) Regulatory Compliances
Comparison of eight Governance Risk Control (GRC) regulatory compliance regimes: the Health Insurance Portability and Accountability Act (HIPAA), the European Union Data Protection Directive (EUDPD), the AICPA Generally Accepted Privacy Principles (GAPP), the Payment Card Industry Data Security Standard (PCI DSS), the ISO 27002 Code of Practice for Information Security Management, COBIT, the Sarbanes-Oxley Act of 2002 (SOX), and the Gramm-Leach-Bliley Act (GLBA).
1. Health Insurance Portability and Accountability Act (HIPAA)
HIPAA includes among its components privacy and security rules for the handling of personal and medical information within the health care industry. These rules, which focus on Protected Health Information (PHI) and electronic PHI (ePHI), result from efforts to streamline the health care system in the United States and mandate the standardization of electronic transactions, code sets, and identifiers. The privacy and security rules for this act are detailed and prescriptive. Although the regulation focuses on organizations in the U.S. health care industry, it can extend to other organizations if they engage in certain activities, such as managing employee group health plans or providing services to organizations that this regulation directly affects. If your organization is in the United States and maintains a health plan for its employees, HIPAA most likely applies to the information collected and stored for that plan. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) enforces HIPAA regulations.
Download Free Folder Lock 6.3 for Privacy Law and HIPAA Compliance Protection
Protecting key information is one of the requirements of HIPAA (the Health Insurance Portability and Accountability Act). Folder Lock can therefore be used to help comply with these regulations. The application provides two levels of protection:
1. Lock files and folders,
2. Encrypt them using the 256-bit Blowfish algorithm.
In the free version, file encryption is limited to files of 25 MB.
HIPAA Access Control Policy Checklist
Steps for defining a Health Insurance Portability and Accountability Act (HIPAA) access control policy:
1. Internal network resources can all be grouped together.
If a specific resource such as a file share or database requires additional authentication, that authentication takes place when a user accesses the resource. The only exception to this policy of grouping all resources together is a set of HR applications that only a small set of external users is authorized to access. Note that these external users may not access the other internal resources that other users can access.
2. List the groups or users.
Most users are in one main group that has network connectivity to all internal resources. A smaller group is composed of the external users who have access to the set of HR applications mentioned in the previous step.
3. List the conditions under which the resources should be accessible by the groups.
There are several conditions for accessing resources:
Download Open Source KnowledgeTree, a Free Document Management System for HIPAA Compliance
Security is very important, and often a mandatory requirement, in document management applications. For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires that medical documents meet certain security requirements. Other regulations such as Sarbanes-Oxley and GLBA, and security standards such as ISO 27001 or the NIST 800 series, require a similar level of security for document management.
One option available on the market today is the free, open source KnowledgeTree, a document management system that can support HIPAA compliance, particularly under the Physical Safeguards requirement of controlling physical access to protect against inappropriate access to protected data. The features of open source KnowledgeTree include:
- KnowledgeTree is easy-to-use, open source document management software that seamlessly connects people, ideas, and processes to satisfy your collaboration, compliance, and business process requirements.