Created by Jason P. Rusch

1. Health Insurance Portability & Accountability Act
4 PROVISIONS
TRANSACTIONS & CODES
Administrative Physical Technical
PRIVACY RULE SECURITY RULE IDENTIFIERS
(04)(03)(02)(01)
Basic Principle. A major purpose
of the Privacy Rule is to define
and limit the circumstances in
which an individual’s protected
heath information may be used or
disclosed by covered entities.
Business associate contracts
164.308(b)(1) R1
Evaluation
164.308(a)(8) R
Security awareness and training
164.308(a)(5) A4
Workforce security
164.308(a)(3) A3
Assigned security responsibility
164.308(a)(2) R
Contingency plan
164.308(a)(7) R3/A2
Security management process
164.308(a)(1) R4
Information access management
164.308(a)(4) R1/A2
Security incident procedures
164.308(a)(6) R1
Transmission security
164.312(e)(1) A2
Person entity authentication
164.312(d) R
Access control
164.312(a)(1) R2/A2
Workstation security
164.310(c)(1) R
Workstation use
164.310(b)(1) R
Integrity
164.312(c)(1) A1
Facility access controls
164.310(a)(1) A4
Device and media controls
164.310(d)(1) R2/A2
Audit controls
164.312(b) R
Personal information such as
SSN, name, address, medical
record number, device.
Biometric information, internet
IP, email address, photo,
medical insurance ect
HIPAA requires every provider who does
business electronically to use the same
health care transactions, code sets, and
identifiers. HIPAA has identified TEN
standard transactions for Electronic Data
Interchange (EDI)
Authored by; Jason P. Rusch - CISSP, CISM, CISA | www.infosec-rusch.com | jason@infosec-rusch.com
3 STANDARD GROUPS
18 Standards
12 Required - 6 Addressable
36 Implementation
Specifications
14 Required / 22 Addressable