ATG HIPAA Security Rule Alerts
Alert #3
Covered Entities Must Comply With the Law

Covered Entities (CEs) include all health care providers (doctors, dentists, therapists, psychologists, pharmacists, etc.), health care clearinghouses, and health plans that electronically store or transmit electronic protected health information (EPHI). CEs may also include employers who are self-insured and who maintain EPHI.

In addition, any business associate of these CEs who by agreement has access to this EPHI will also be required to comply with the Security Rule. This comprehensive requirement will help to ensure a consistent level of security whenever health information is accessed or exchanged between organizations.
THE LAW
164.302 Applicability.

A covered entity must comply with the applicable standards, implementation specifications, and requirements of this subpart with respect to electronic protected health information.

164.306 Security standards: General rules.

(a) General requirements. Covered entities must do the following:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
(4) Ensure compliance with this subpart by its workforce.