HIPAA Compliance Guide

§ 164.304 Definitions

As used in this subpart, the following terms have the following meanings:

Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. (This definition applies to “access” as used in this subpart, not as used in subparts D or E of this part.)

Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s or business associate’s workforce in relation to the protection of that information.

Authentication means the corroboration that a person is the one claimed.

Availability means the property that data or information is accessible and useable upon demand by an authorized person.

Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.

Encryption means the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.

Facility means the physical premises and the interior and exterior of a building(s).

Information system means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.

Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.

Malicious software means software, for example, a virus, designed to damage or disrupt a system.

Password means confidential authentication information composed of a string of characters.

Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s or business associate’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.

Security or Security measures encompass all of the administrative, physical, and technical safeguards in an information system.

Security incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Technical safeguards means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.

User means a person or entity with authorized access.

Workstation means an electronic computing device, for example, a laptop or desktop computer, or any other device that performs similar functions, and electronic media stored in its immediate environment.

[68 FR 8376, Feb. 20, 2003, as amended at 74 FR 42767, Aug. 24, 2009; 78 FR 5693, Jan. 25, 2013]
