HIPAA Security Rules


Health Insurance Portability & Accountability Act
Designed to standardize electronic data interchange and protect the confidentiality and security of health data.

Affected Entities

Any healthcare organization or related entities that transact patient information.

Sections Relating to Security Rules

Security Rule: The Security Rule was published on February 20th, 2003 to cover any health information stored or transmitted electronically. Specifically, it requires entities to have safeguards in place that ensure health information integrity, confidentiality and availability.

Contingency Plan

Must establish policies and procedures for responding to an emergency (such as system failure or fire) that can damage systems containing health information.

Eprosystem Solution: The Security Rule requires a data backup plan, disaster recovery plan and plan for emergency mode operation. Eprosystem gives you comprehensive backup and Off-site Storage protection of internal or remote servers. In a crisis situation, you will be covered and your data can be restored within hours.

Device and Media Controls

Policies and procedures should be in place to govern movement of media in and out of a facility.

Eprosystem Solution: Eprosystem provides specific backup policies and procedures that are pre-defined, automated and highly disciplined. Centralized management control offers the service online, so no physical media leaves the facility or sits in it where it could be mishandled by unauthorized personnel.

Access Control

Governs technical policies that define access rights by people or software programs.

Eprosystem Solution: EproMedical restricts users via encryption password. The system assigns and defines access rights by component modules and categories within a module. The system can be accessed via VPN tunnels from another location should there be an emergency. Additionally, outgoing data is always encrypted and is decrypted only on the client side.

Audit Control

Must implement hardware and software that records and examines activity in systems that contain health information.

Eprosystem Solution: EproMedical Security Log automatically creates a comprehensive audit trail for a variety of activities. The audit log tracks user activities such as adding, editing and deleting data, and data access. Logs can be generated in multiple variations and retained according to your needs.

Data Integrity

Policies and procedures should be in place that protect from improper data alteration or destruction.

Eprosystem Solution: EproMedical is designed to prevent sensitive data from being altered or deleted by unauthorized users. Once the data is entered, only the author of the data has editing rights to the information. The Sign Out feature further ensures that data cannot be overwritten or removed once the record is signed out by the attending provider.

Compliance Deadline

Security Rule Only

The deadline for compliance with the Security Rule is April 21, 2005; for smaller entities it is April 21, 2006.