HIPAA defines companies that provide service to Healthcare Providers as Business
Associates. Though the guidelines and regulations of HIPAA are not directly enforced
upon Business Associates, but rather on the Healthcare Providers, At Talisman Solutions,
we are meticulously working on complying to very details of the Security and Privacy
regulations of HIPAA.We help the Providers to fulfill the PHI Privacy and Security
Security Guidelines of Administrative Simplication
Administrative Procedures: Documented formal practices
to manage the selection and execution of security measures to protect data and the
conduct of personnel in relation to the protection of data.
Sanction and Security policy:
Termination Procedures - locks changed, removal from access lists and user account(s)
Training - User ed. concerning virus protection and password management
Physical Safeguards: The protection of physical computer
systems and related buildings an equipment form fire and other natural and environmental
hazards, as well as from intrusion. Physical safeguards also cover the use of locks,
keys, and administrative measures used to control access to computer systems and
Technical Security Services: Include the processes that
are put into place to protect and to control and monitor information access.
Technical Security Mechanisms: Include the processes that
are put into place to prevent unauthorized access to data that is transmitted over
a communications network.
Privacy Guidelines of Administrative Simplification*
The Privacy Rule provides the first comprehensive Federal protection for the privacy
of health information and is carefully balanced to provide strong privacy protections
that do not interfere with patient access to, or the quality of, healthcare delivery.
Incidental Uses and Disclosures (45CFR 164.502(a))
An incidental use of disclosure is a secondary use of disclosure that cannot be
reasonably be prevented, is limited in nature, and that occurs as a result of another
use or disclosure that is permitted by the Rule. An incidental use or disclosure
is NOT permitted if it is a by-product of an underlying use or disclosure, which
violates the Privacy Rule.
Minimum Necessary (45CFR 164.502(b), 164.514(d))
The Privacy Rule requires covered entities to take reasonable steps to limit the
use or disclosure of protected health information to the minimum necessary to accomplish
the intended purpose.
Personal Representatives (45CFR 164.502(g))
Covered entities are required to treat an individual's personal representative as
the individual with respect to uses and disclosures of the individual's protected
health information. The personal representative has the ability to act for the individual,
exercise the individual's rights, and may also authorize disclosures of the individual's
protected health information.
Business Associates (45CFR 164.502(e), 164.504(e), 164.532(d) and (e))
The Privacy Rule allows covered providers to disclose protected health information
to these "business associates" if the providers obtain satisfactory assurances that
the business associate will use the information only for the purposes for which
it was engaged by the covered entity, will safeguard the information from misuse,
will help the covered entity comply with some of the covered entity's duties under
the Privacy Rule, and help the covered entity carry out its healthcare functions.