Some of the components of the HIPAA Security Rule apply to health plans, healthcare clearinghouses, and any healthcare provider that transmits health information in electronic form (HHS.org). These entities are covered by the HIPAA Security Rule. The information that is protected includes individual health information in which “an entity creates, receives, maintains or transmits health records in the electronic form” (HHS.org). The HIPAA Security Rule addresses three fundamental areas: technical safeguards, physical safeguards, and administrative safeguards. Technical safeguards must be implemented in order for electronic health information to be properly and safely transmitted. These safeguards include access control, audit controls, integrity controls, and transmission security (HHS.org). Access control requires a covered entity to implement policies and procedures to restrict certain levels of individuals from obtaining technical access to the electronic information. Audit controls, including hardware, software, and procedures, must be implemented to examine access to electronic information and ensure the information is …
The HIPAA Privacy Rule covers personal health information as a whole, whether it is in electronic or paper form. On that note, the Privacy Rule and the Security Rule work hand in hand. The Security Rule is the more technical version of the Privacy Rule. The Privacy Rule requires certain documentation processes that complement the process of the Security Rule (HIPAA Security Rule). The Omnibus Rule modifies the HIPAA Privacy, Security, and Enforcement regulations (Rodriguez, 2013). Some of the modifications include strengthening the limitations on the use and disclosure of protected health information, allowing individuals to receive their health information electronically, and setting out factors concerning a reportable breach and how to determine that a breach occurred. Omnibus serves as a rule that updates and modifies the valid points made in other HIPAA rules and fills in information that was not clarified in those rules. Performing a risk assessment and risk analysis on electronic health information identifies, from different dimensions, the risks that may occur in the processes and procedures for handling that information. A risk assessment determines which areas need stronger security to prevent a data breach involving electronic health information.