HIPAA - Implement a Mechanism to Authenticate EPHI with Abtech DataTrust/Audit Solutions

The Abtech Systems DataTrust/AUDIT Approach

Abtech Systems offers an innovative product, DataTrust/AUDIT, that addresses the confidentiality and availability requirements for EPHI Electronic Health Protected Information compliance by providing IT and security organizations with comprehensive User Activity Management.  EPHI is defined as any information which can directly identify an individual and any care received. This includes physical or mental care or state of health in the past, present, or future, as well as payment methods or provisions for care.

The Abtech DataTrust/AUDIT solutions give your healthcare organization the ability to answer such confidentiality questions as “Who accessed this file and was this person authorized for such access?” Or “What are the wireless and VPN users doing?”  It also provides a means for availability to IT staff and auditors via a simple web interface, with just two hours of training!
In today’s environment, threat management must be effective, efficient, and easily implemented.  Abtech DataTrust/AUDIT can be deployed within a few hours to provide your organization with relevant audit reports, policy alerting and enforcement within the close of that same business day. 

Monitoring and controlling high risk users such as wireless and VPN users, IT admin, outside contractors or institutions, and internal staff would now be as simple as a few clicks of the mouse.  This provides change control management for Active Directory and Windows or NFS file permissions, and can even correlate the use of shared administrator accounts with the identities of the actual IT employees that use them.  

DataTrust/AUDIT Operational Benefits:

• One tool for compliance and risk management – apply best practices across the organization
• Automatic synchronization with Active Directory or other identity management systems – ALL network activity correlated with user identity
• Single Solution for a wide range of applications – eliminate training and operational overhead of point products
• Simple web interface – Can be used by security, IT and auditors with just two hours of training
• Eliminate the “data overload” problem – exception reporting focused on high risk events
• Multiple languages supported – Leverage solution and staff knowledge in international deployments

The HIPAA Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of electronic protected health information (EPHI), as defined in the Security Rule. The EPHI that a covered entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures.  In general, the requirements, standards, and implementation specifications of the Security Rule apply to the following covered entities:

• Covered Healthcare Providers— Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard.
• Health Plans— Any individual or group plan that provides or pays the cost of medical care (e.g., a health insurance issuer and the Medicare and Medicaid programs).
• Healthcare Clearinghouses— A public or private entity that processes another entity’s healthcare transactions from a standard format to a nonstandard format, or vice versa.
• Medicare Prescription Drug Card Sponsors – A nongovernmental entity that offers an endorsed discount drug program under the Medicare Modernization Act.

New HIPAA Security Rule Goals and Objectives

As required by the general rules section of the HIPAA Security Rule, each covered entity must:

• Ensure the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits;
• Protect against any reasonably anticipated threats and hazards to the security or integrity of EPHI; and…
• Protect against reasonably anticipated uses or disclosures of such information that are not permitted by the Privacy Rule.

In complying with this section of the Security Rule, covered entities must be aware of the definitions provided for confidentiality, integrity, and availability:

• Confidentiality is “the property that data or information is not made available or disclosed to unauthorized persons or processes.”
• Integrity is “the property that data or information have not been altered or destroyed in an unauthorized manner.”
• Availability is “the property that data or information is accessible and useable upon demand by an authorized person.”

Risk Management

The HIPAA Security Rule is all about implementing effective risk management to adequately and effectively protect EPHI. The assessment, analysis, and management of risk provides the foundation of a covered entity’s Security Rule compliance efforts, serving as tools to develop and maintain a covered entity’s strategy to protect the confidentiality, integrity, and availability of EPHI.

The risks that must be assessed are the risks of noncompliance with the requirements of Section 164.306(a) (General Rules) of the HIPAA Security Rule 17

The National Institute of Standard & Technology has a 117-page document which details the guidelines needed, risk managements steps as well as possible fines for violations of compliance with HIPAA/EPHI.  The complete document can be downloaded here.

Abtech’s HIPAA compliant experts can steer you through what may be perceived as a mountain of government documents, rules, regulations to ensure your organization is meeting all regulations – old, new and pending – so your organizations can devote more energy to patient care.

HIPAA Changes in H.R. 1 - The American Recovery and Reinvestment Act of 2009

The American Recovery and Reinvestment Act of 2009 (the “Stimulus Bill”) was signed into law by President Obama on February 17, 2009. Tucked in the lengthy Stimulus Bill are major changes to HIPAA that will have a significant effect on hospitals, health plans, health insurers and other covered entities.  The changes are outlined in this 58-page document  HIPAA Changes in H.R. 1.  Let Abtech Systems can guide you through the verbiage.

For general HIPAA Security Rule information, visit the CMS HIPAA Web site at:

http://www.cms.gov/HIPAAGenInfo/

Abtech Systems will guide you every step of the way to protect your practice against HIPAA privacy and security blunders. Abtech DataTrust/AUDIT and the entire family of DataTrust solutions will ensure you are properly handling all patient information and bring your practice into compliance.  Don’t risk penalties and negative publicity by making security or privacy missteps, which can be easily resolved. Contact us today.  We’ll show you how…