
Jun 19

HIPAA myths and misconceptions


Myth: Security is an IT function

Security involves safeguarding electronic information in various ways and by various means, including policies, processes, education, the designation of security officers and managers, and the dedication of staff and monetary resources to providing technical tools and physical safeguards that protect systems. The Security Rule includes only two standards related to technical security: access controls and audit controls. Most Security Rule standards address administrative safeguards. The rule also includes several physical safeguard and documentation requirements.

IT professionals generally do not receive information security training. Information security is a distinct profession with specific bodies of knowledge and content that address all aspects of protecting an organization’s information assets. Many information security officers (ISOs) do not report to IT. A conflict of interest may exist if an ISO reports to a chief information officer or other individual in an IT department.

Security and IT budgets should be separate. This requires an ISO to develop a security budget, justify proposed expenditures, and develop and communicate metrics to demonstrate the program’s success and activities.

Editor’s note: This article is adapted from The Complete Guide to Healthcare Privacy and Information Security Governance by Phyllis A. Patrick, MBA, FACHE, CHC. The book is published by HCPro, a division of BLR.
