Homepage About Us Contact Us Subscribers Account Management Area
Newsletter
Readiness Test
Introduction
History
Regulations
Compliance Dates
Enforcement
Strategies
Downloads
Glossary
Casualty Reports
Implementation Summary
Compliance Example
TECHNICAL SECURITY MECHANISMS TO GUARD AGAINST UNAUTHORIZED ACCESS TO COMPUTER DATA THAT IS TRANSMITTED OVER A COMMUNICATIONS NETWORK
Requirement
 Implementation Feature
Communications/Network Controls

If communications or networking is employed, the following implementation features must be implemented:

· Integrity controls.
· Message authentication.

In addition, one of the following implementation features must be implemented:

· Access controls.
· Encryption.

In addition, if using a network, the following four implementation features must be implemented:

· Alarm.
· Audit trail.
· Entity authentication.
· Event reporting.

 · Access controls.
· Alarm.
· Audit trail.
· Encryption.
· Entity authentication.
· Event reporting.
· Integrity controls.
· Message authentication.
Overview Of Above Requirements
Communications containing personal health information that are electronically transmitted over a computer or open networks must be protected so that they cannot be easily intercepted and interpreted by parties other than the intended recipient, and to protect computers and networks from intruders trying to access systems through external communication points. When using open networks, encryption should be employed. The utilization of less open systems/networks such as individual PC's, value-added network (VAN) and private-wire arrangement provides sufficient access controls to allow encryption to be an optional feature, but strongly recommended. This control is important because of the potential for compromise of information over open systems such as the Internet or dial-in lines.

All of the following implementation features must be put into place:

· Integrity controls.
· Message authentication.

And one of the following implementation features must also be put into place:

· Alarm.
· Audit trial.
· Entity authentication.
· Event reporting.
HIPAA Compliance Dates
Standard Compliance Date Extention Date
Transactions and Code Sets 10/16/2003 10/16/2003
Only if application filed
before Oct 15, 2002.
National Provider Identifier Pending Not Applicable
National Employer Identifier Pending Not Applicable
Security Rule 4/20/2005 Not Applicable
Privacy Rule 4/14/2003 Not Applicable
National Health Plan identifier Pending Not Applicable
Claims Attachments Pending Not Applicable
Enforcement Pending Not Applicable
National Individual Identifier Pending Not Applicable
Business Associates 4/14/2003 4/14/2004
Extension applies ONLY to business associates with exisiting business associate contracts made prior to April 14, 2003.
HIPAA Forms
Over 100 Customizable Templates. Includes Privacy and Security policies & procedures, authorizations, checklists and more.
Let's See
Subscriber's
Handbook
Our 'How-To' Guide. A simple roadmap for using our web site for compliance assistance and for satisfying HIPAA's requirements for training all your workforfce members. First time visitors click here.
Let's See
Workforce Training
It's Federal Law. All health care providers workforce members must be trained on HIPAA's Privacy and Security regulations.
Let's See
Training
Documentation
Monitor & Document Workforce Training. Not only is it a HIPAA requirement, but documenting your workforce training is your best bet for reducing your exposure to liabilities associated with breaches of confidentiality of health information.
Let's See
Training Webinars
Our Online HIPAA Privacy/Security Officer and Workforce Training Webinars. Two separate online presentations. One for Privacy & Security Officers and one for workforce members.
Let's See
HIPAA Testing
For Privacy/Secirity Officials and All Workforce Members. Two separate training tests - one for company Privacy/Security Officials and one for workforce members.
Let's See
Implementation
Guidelines
Hundreds of Detailed Privacy & Security Compliance Recomendations. Conveniently categorized for easy use.
Let's See
HIPAA Tutorials
Over 120 Online HIPAA Tutorials. Covering every aspect of HIPAA's Security & Privacy regulations.
Let's See
HIPAA FAQs
Thousands of Frequently Asked Questions. Conveniently categorized answers to over 3000 commonly asked HIPAA questions.
Let's See
HIPAA Directory
Thousands of HIPAA Products & Services. A gigantic HIPAA catalog containing listings of companies offering HIPAA compliant products and services.
Let's See

Read our Web Site Access License Agreement and Privacy Policy

Disclaimer: CAL HIPAA, LLC. obtains its information from sources it believes to be reliable. However, because of the possibility of human and mechanical error as well as other factors, CAL HIPAA, LLC. makes no representations or warranties, express or implied, as to the accuracy or timeliness of its information, and cannot be responsible or liable for any errors or omissions in its information or the results obtained from the use of such information. Information contained on this web site are statements of opinion and not statements of fact or recommendations and do not constitute legal advice. This web site utilizes independent information providers (IIPs) and independent product providers (IPPs). CAL HIPAA, LLC. is not a referral service and does not recommend or endorse any particular IIP or IPP. Rather, CAL HIPAA, LLC. is only an intermediary that provides limited information about IIPs and IPPs. We do not endorse or offer advice regarding the quality or suitability of any product from any IPP, or endorse or offer advice regarding the quality or suitability of any advice from any IIP, or particular provider for any reason, and no information on this Site should be construed as advice or as an endorsement. Users of this site are required to register and to agree, without exception, to our Web Site Access License Agreement. Users are solely responsible for determining whether the information provided on this Site is suitable for their purposes, and reliance on the information is at the user's sole risk. Users should obtain any additional information necessary to make informed decisions.