• E-mail
• Print
• RSS

CMS posts HIPAA security FAQs

Compliance Monitor, August 25, 2004

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

CMS posted answers August 12 to 12 new frequently asked questions about the HIPAA Security Rule. The post included one updated answer as well (highlighted by an asterisk below). Here are the questions:

1. Does the HIPAA Security Rule allow for sending electronic PHI in an email or over the Internet?

2. What does the HIPAA Security Rule mean by physical safeguards?

3. Do the HIPAA Security Rule requirements for access control apply to employees who work from home?

4. What is the difference between Risk Analysis and Risk Management in the HIPAA Security Rule?

5. How will we know if our organization and our systems are compliant with the HIPAA Security Rule's requirements?

6. Are covered entities required to use the NIST guidance documents referred to in the final Security Rule?

7. Does the HIPAA Security Rule apply to written and oral communications?

8. Are we required to "certify" our organization's compliance with the HIPAA security standards?

9. Does the Security Rule mandate minimum operating system requirements for personal computer systems?

10. Does the HIPAA Security Rule require the use of an electronic or digital signature?

11. What is a system vulnerability?

12. What is encryption?

13. *Is mandatory encryption in the HIPAA Security Rule?

To see all 28 FAQs, click here.

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

• E-mail to a Colleague
• Print
• RSS
• Archive