Security Rule

• The Security Rule establishes a program for storing and maintaining confidential information.doctor image by JASON WINTER from Fotolia.com
  
  The Federal HIPAA Security Rule sets security standards for protecting hospital information through policies and procedures. The Security Rule's main concern is keeping electronic information confidential. The rule mandates a program to train and assign personnel to administer and support the program.
  
  

Security Measures

• Administrative safeguards protect confidential information in the event of a natural disaster.Hospital Files image by PinkSony from Fotolia.com
  
  HIPAA's Security Rule has three distinct types of security measures: administrative safeguards, physical safeguards and technical safeguards. Administrative safeguards deal with administrative policies and procedures to maintain security and protect electronically stored health information as well as administer the conduct of the employees in charge of protecting the confidential information. The physical safeguards protect the electronic information systems from natural disasters such as rain, snow, earthquakes, tornadoes and hurricanes. Finally, technical safeguards control access to the confidential information on the electronic systems.
  
  

Security Officer

• Security is key to protecting a patient's private records.medical inventory image by Pix by Marti from Fotolia.com
  
  Under HIPAA, a security officer has the duty to ensure that the Security Rule policies are being followed by all the departments required to do so. The officer has several responsibilities, such as ensuring HIPAA policies are implemented to keep the respect, privacy and availability of the confidential health information. Also, he must supervise, inspect and review observance with HIPAA's policies, supply and approach to report security violations, and act as a representative concerning HIPAA's security.
  
  

Workforce

• Only employees and volunteers have access to confidential information.family doctors,dentists image by feisty from Fotolia.com
  
  The Privacy Rule defines "workforce" as "employees, volunteers, trainees and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity." The Privacy Rule establishes who has access to the electronic information, workstations or applications making the confidential information available. Only workforce employees will be permitted access to the private information when the work assignment requires access. When the assignment no longer requires access to the confidential information, the workforce employee will no longer be authorized to have access.
  
  

Termination

• Terminating a workforce employee's access to the confidential information helps maintain privacy and security under HIPAA.Empty Office Cubical image by TekinT from Fotolia.com
  
  There are several reasons for a workforce employee's access to be terminated, including belief the individual is violating the Security Rule policies, the individual is no longer employed, the individual's password is compromised or job description changes. If the individual is on an approved leave from the job site, the individual's access will be suspended only until the individual returns to work.