HIPAA
HIPAA Password Security Policy Templates

Download free HIPAA, PCI DSS and ISO 27001 Password Security Policy Templates. These templates cover basic security policy, such as:
- To keep passwords confidential, which includes in no circumstances giving them to a third party, whatever the ostensible reason.
- To avoid keeping any paper or electronic record of passwords (unless this can be securely stored – which means encryption and strong, two-factor access control protection).
HIPAA Privacy and Security Rules Audit Checklist

Two rules were published in the Federal Register by the Department of Health and Human Services after HIPAA was passed. The HIPAA Privacy Rule was published in December 2000, and the HIPAA Security Rule was published in February 2003.
The HIPAA Privacy Rule is focused mostly on administrative controls designed to protect patient privacy, such as securing or masking medical charts, locking file cabinets, and establishing privacy policies. The HIPAA Privacy Rule was enforced beginning April 2003.
Download Free HIPAA Risk Calculator
The Health Insurance Portability and Accountability Act (HIPAA) requires all healthcare organizations using electronic protected health information (ePHI), as well as some third-party vendors (business associates) that handle that information, to comply with federal regulations aimed at protecting the privacy of patient data.
We've updated our original "HIPAA risk calculator" from 2002 to reflect changes and updates to the HIPAA regulations. In particular, the Final Rule regarding Provider IDs was announced in January 2004 and applications became available in May 2005. The dates for compliance are May 2007 for large plans and May 2008 for small plans, but the time to start planning for the changes is now. Compliance officers and consultants can use the questionnaire in this spreadsheet to check the status of a firm's HIPAA compliance efforts.
Answers to the fifty (50) questions in this risk calculator help covered entities determine the status of compliance efforts in the areas of HIPAA Privacy, Standardization of Code Sets, Security, National Provider Identifier, and Monitoring.
Who should pay for HIPAA?
Perhaps the most complex aspect of the healthcare vertical is the payment systems. Generally, a subscriber to a managed care plan pays some deductible, with an employer of that patient paying the rest to the managed care plan. The doctors who are part of those plans bill the plan directly for services rendered.
There may be intermediary services to which doctors subscribe to determine the eligibility of the patient. Hospitals also may bill patients and/or managed plans and have doctors, who may also be part of those plans, whom they need to pay. As you can see, the payment aspect can be quite complicated. In the end, the question of who pays is perhaps best answered by asking who benefits from these security solutions. Beneficiaries can be examined in two categories: those parties who would benefit from more cost-efficient solutions enabled by security technology, and those parties who are required to adhere to specific compliance regulations.
List of Regulatory Compliances in US Centric World
Electronic Communications Privacy Act regulates the monitoring of online information unless specific legal directives make exceptions.
Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1001, established felony penalties for breaking into federal interest computer systems and penalties for trafficking in illegally obtained computer passwords. Essentially, this law clarified that unauthorized computer entry was considered illegal. In the early 1980s, entry into U.S. federal computer systems was not considered illegal.
Health Insurance Portability and Accountability Act (HIPAA) provides guidance on how confidential patient information can be treated and accessed.