Welcome to HIPAA96 - A Service of Western Midrange Corporation

HIPAA Facts Summary

Security Standard CONCEPTS

There are several high-level concepts on which an acceptable standard must be based:

  • Comprehensive adoption of security standards in the health care industry is desirable to provide security to data that is exchanged between health care trading partners.
  • By definition, if a system, or communications between two systems, were implemented with technologies meeting standards in a general system security framework (Identification and Authentication; Authorization and Access Control; Accountability; Integrity and Availability; Security of Communication; and Security Administration), that system would be essentially secure.
  • No single standards development organization is addressing all aspects of health care information security and confidentiality.
  • The standard must be technology-neutral.
  • The standard must be scalable.
  • How individual security requirements would be satisfied and which technology to use would be business decisions that each organization would have to make.

Inherent in these concepts is a vision of solutions that strike a balance between the need to secure health data against risk and the economic cost of doing so.

All organizations that handle patient-identifiable health care information--regardless of size--need to adopt a set of technical and organizational policies, practices, and procedures.

The following outline represents a starting point for the development of organizational policies and procedures:

  • Organizational Practices
      1. Confidentiality and security policies
      2. Information security officers
      3. Education and training
      4. Enforcement
  • Technical Practices and Procedures
      1. Individual user authentication
      2. Data and system access controls
      3. Audit trails
      4. Physical security and disaster recovery
      5. Securing remote access points
      6. Securing external electronic communications
      7. Software usage policies
      8. Situational analysis of systems

For purposes of presentation, the proposed security requirements are divided into four categories:

  • Administrative procedures to guard data integrity, confidentiality, and availability
  • Physical safeguards to guard data integrity, confidentiality, and availability
  • Technical security services to guard data integrity, confidentiality, and availability, and
  • Technical security mechanisms.

For more information on the Security Plans or any other services offered by the HIPAA96 Initiative, you may contact your WMC HIPAA96 representative or send an email to sales@hipaa96.com.

Copyright © 2000 HIPAA96, Western Midrange Corporation. All rights reserved.
Revised: February 25, 2000