HIPAA IT
Dealing with the HIPAA Security Rules
in Your Healthcare Practice
Kurt Buckardt, CSO Konsultek
- CISSP
- NSA IAM/IEM Certified
- Member ISACA
- CCSE
www.konsultek.com
847.426.9355

HIPAA IT: The Timeline
• 1996 Health Insurance Portability and
Accountability Act (HIPAA) enacted
• 2003 Health and Human Services Develops
the HIPAA Security Rule.
• 2009 Obama administration declares that
there will be a Cyber Czar.
www.konsultek.com
847.426.9355

HIPAA IT: The Reality
"Small practice healthcare providers can
expect to see significant regulatory
changes"
www.konsultek.com
847.426.9355

HIPAA IT: The Security Rule
• Designed to ensure the confidentiality,
integrity, and availability of electronic
protected health information (EPHI)
www.konsultek.com
847.426.9355

HIPAA IT: The Security Rule has 3 Controls
1. Technical safeguards designed to protect data and
control access to information by individuals as well
as guarding unauthorized access via an information
network.
2. Physical safeguards designed to protect data from
the hazards of fire, weather, environment, or
intrusion.
3. Administrative safeguards designed to document
formal policies and practices for data protection,
including the organization's security management
process, and implementation specifications.
www.konsultek.com
847.426.9355

HIPAA IT: Technical Safeguards encompass
5 specific areas
1. HIPAA Access Control Standard
2. HIPAA Audit Controls Standard
3. HIPAA Integrity Standard
4. HIPAA Person or Entity Authentication
Standard
5. HIPAA Transmission Security Standard
www.konsultek.com
847.426.9355

HIPAA IT: HIPAA Access Control Standard
Implement technical policies and procedures for
electronic information systems that maintain
electronic protected health information to
allow access only to those persons or
software programs that have been granted
access rights as specified in § 164.308(a)
(4).76
www.konsultek.com
847.426.9355

HIPAA IT: HIPAA Audit Controls Standard
Implement hardware, software, and/or
procedural mechanisms that record and
examine activity in information systems that
contain or use electronic protected health
information.
www.konsultek.com
847.426.9355

HIPAA IT: HIPAA Integrity Standard
Implement policies and procedures to protect
electronic protected health information from
improper alteration or destruction.
www.konsultek.com
847.426.9355

HIPAA IT: HIPAA Person or Entity
Authentication Standard
Implement procedures to verify that a person or
entity seeking access to electronic protected
health information is the one claimed.
www.konsultek.com
847.426.9355

HIPAA IT: HIPAA Transmission Security
Standard
Implement technical security measures to guard
against unauthorized access to electronic
protected health information that is being
transmitted over an electronic
communications network.
www.konsultek.com
847.426.9355

Avoid HIPAA Security Problems!
Make more sense of the HIPAA Security Rule and get a
full appreciation of what the future of healthcare security
holds for your practice request the 12 page white paper
“Is There an IT Doctor in the House?”
Dealing With the HIPAA Security Rule and EHR
Security Compliance in a Small Healthcare Practice
Get it hereHIPAA IT
www.konsultek.com
847.426.9355

Konsultek
Kurt Buckardt, CSO Konsultek
- CISSP
- NSA IAM/IEM Certified
- Member ISACA
- CCSE
We take the pain out of your
healthcare practice’s IT security
and continuity.
www.konsultek.com
847.426.9355