HIPAA myths and misconceptions
HIM-HIPAA Insider, June 23, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Myth: Security is an IT function
Security involves safeguarding electronic information in various ways and by various means, including policies, processes, education, designation of security officers and managers, and dedicating staff and monetary resources to providing technical tools and physical safeguards to protect systems. The Security Rule includes only two standards related to technical security—access controls and audit controls. Most Security Rule standards address administrative safeguards. The rule also includes several physical safeguard and documentation requirements.
IT professionals generally do not receive information security training. Information security is a distinct profession with specific bodies of knowledge and content that address all aspects of protecting an organization’s information assets. Many information security officers (ISO) do not report to IT. A conflict of interest may exist if an ISO reports to a chief information officer or other individual in an IT department.
Security and IT budgets should be separate. This requires an ISO to develop a security budget, justify proposed expenditures, and develop and communicate metrics to demonstrate the program’s success and activities.
Editor’s note: This article originally appeared on HCPro’s HIPAA Update blog and was adapted from The Complete Guide to Healthcare Privacy and Information Security Governance by Phyllis A. Patrick, MBA, FACHE, CHC.Click here to learn more about the book, published by HCPro, a division of BLR.
Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Residency coordinators’ responsibilities
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Study: Shorter shifts reduces residents’ attentional failures
- OB services: Coding inside and outside of the package
- RPA Subscriber Exclusive: February issue of Residency Program Alert now available
- E-mailed
-
- OSHA HazCom updates include labeling, SDS requirements
- Air control equals infection control
- Q&A: Coding from pathology/radiology reports
- Q&A: Are colleges sending students to our facility for rotations business associates?
- Nursing's growing role
- Note similarities and differences between HCPCS, CPT® codes
- Note from the instructor: CMS clarifies billing guidelines on proper billing for drugs in a single-dose or single-use vial, including billing for discarded drugs
- Fracture coding in ICD-10-CM requires greater specificity
- Five ways to safeguard your patients' valuables
- Differentiate between types of wound debridement
- Searched