This document discusses security safeguards and breach notification rules for electronic health information exchange under HIPAA regulations. It outlines requirements for the HIPAA Security Rule including risk analysis, assigned security responsibilities, and workforce security. It also describes what constitutes a breach of protected health information, notification requirements for individuals and health authorities in the event of a breach, and enforcement by the Federal Trade Commission.

1. Philadelphia Center
N.W. Louisiana AIDS Resource Center
http://www.hhs.gov/ocr/privacy/

2. Electronic Health Information Exchange in
a Networked Environment
Safeguards
Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)

3. Security Rule
 Security Management
Process
 Risk Analysis
 Risk Management
 Sanction Policy
 Information System
Activity Review
 Assigned Security
Responsibility
 Workforce Security
 Security Awareness and
Training
Administrative Safeguards
Security Compliance Team

4. Electronic Health Information Exchange in
a Networked Environment
Breach Notification Rule
for Electronic Health Information

5. Breach
 Burden of Proof
 Breach Notification
Requirements
 Individual Notice
 Health Breach Notification
Rule
 Federal Trade Commission
 Notice to the Secretary of
Breaches
A breach is an impermissible use or
disclosure under the Privacy Rule
that compromises the security or
privacy of the Protected Health
Information

6. Philadelphia Center
N.W. Louisiana AIDS Resource Center
http://www.hhs.gov/ocr/privacy/

7. Philadelphia Center
N.W. Louisiana AIDS Resource Center
http://www.hhs.gov/ocr/privacy/