U.S. Department of Health and Human Services
Indian Health Service: The Federal Health Program for American Indians and Alaska Natives
A - Z Index:
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#
picture of Family holding hands
 HIPAA – Health Insurance Portability and Accountability Act title
  
Home
line
HIPAA Coordinators
line
HIPAA Training
box Learn, Train & Protect
box About HIPAA
   Regulations
box Training Information
line
HIPAA 835 & 837 Training
line
Privacy Standards
line
Transactions and Code Sets Standards
line
Security Standards
line
Identifiers Standards
line
line
Forms, Policies & Procedures
line
Helpful Links
line
HIPAA FAQ
line
Questions or Comments. Please contact the Site Manager.


Security Standards

The HIPAA Security Standards must be applied by health plans, health care clearinghouses, and health care providers to all health information that is maintained or transmitted electronically. The standards are intended to protect both the system and the information it contains from unauthorized access and misuse. Each covered entity must assess its systems for potential risk and vulnerabilities to the health information it houses and develop, implement, and maintain appropriate security measures. The security requirements include:

  • Administrative procedures - security measures to protect data and manage the conduct of personnel in protecting data
  • Physical safeguards - protection of physical computer systems and related buildings from hazards and intrusion
  • Technical security services - processes to protect, control, and monitor information access
  • Technical security mechanisms - processes to prevent unauthorized access to data transmitted over a communications network

The Final Rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications. Compliance is required by April 21, 2005.

Security Standards

  • The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technial, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

    More information can be found for the implementation of this rule at the CMS website Exit Disclaimer – You Are Leaving www.ihs.gov .

  • IHS Security Standards Checklist [PDF-41KB]

The IHS effort to comply with the HIPAA Security Standards is being led by Ryan Chapman, the Acting Chief Information Security Officer or designee. If you want information on what the CISO is doing, he can be reached by telephone at 301-443-2537.

IHS Information Security Status

There is a great deal of cross over between The Federal Information Security Act (FISMA) which applies to Federal programs and the security requirements for HIPAA. The attached matrix [PDF 1MB] demonstrates the areas of crossover. The Indian Health Service has been working to comply with FISMA for several years and by doing this IHS has meet most of the HIPAA security standards. Information on the IHS Information Security Program can be found at the IHS Security Program WEB site. The attached manual [PDF 1.5MB] provides guidelines for navigating IHS Security Program WEB pages. For security reasons this security WEB site is only available to users of the IHS Intranet.

IHS Chief Information Security Officer Guidance for Meeting HIPAA Security Standards.

This website may require you to download plug-ins to view all content.

usa.gov link   Accessibility · Disclaimer · FAQs · Website Privacy Policy · Plain Writing Act · Freedom of Information Act · HIPAA · No Fear · Glossary · Contact

Indian Health Service (HQ) - The Reyes Building, 801 Thompson Avenue, Ste. 400 - Rockville, MD 20852