Health Insurance Portability & Accountability Act
4 PROVISIONS
TRANSACTIONS & CODES
Administrative Physical Technical
PRIVACY RULE SECURITY RULE IDENTIFIERS
(04)(03)(02)(01)
Basic Principle. A major purpose
of the Privacy Rule is to define
and limit the circumstances in
which an individual’s protected
health information may be used or
disclosed by covered entities.
Administrative (164.308)
Security management process, 164.308(a)(1), R4
Assigned security responsibility, 164.308(a)(2), R
Workforce security, 164.308(a)(3), A3
Information access management, 164.308(a)(4), R1/A2
Security awareness and training, 164.308(a)(5), A4
Security incident procedures, 164.308(a)(6), R1
Contingency plan, 164.308(a)(7), R3/A2
Evaluation, 164.308(a)(8), R
Business associate contracts, 164.308(b)(1), R1

Physical (164.310)
Facility access controls, 164.310(a)(1), A4
Workstation use, 164.310(b)(1), R
Workstation security, 164.310(c)(1), R
Device and media controls, 164.310(d)(1), R2/A2

Technical (164.312)
Access control, 164.312(a)(1), R2/A2
Audit controls, 164.312(b), R
Integrity, 164.312(c)(1), A1
Person entity authentication, 164.312(d), R
Transmission security, 164.312(e)(1), A2
Personal information such as
SSN, name, address, medical
record number, device,
biometric information, internet
IP, email address, photo,
medical insurance, etc.
HIPAA requires every provider who does
business electronically to use the same
health care transactions, code sets, and
identifiers. HIPAA has identified TEN
standard transactions for Electronic Data
Interchange (EDI).
Authored by: Jason P. Rusch - CISSP, CISM, CISA | www.infosec-rusch.com | jason@infosec-rusch.com
3 STANDARD GROUPS
18 Standards
12 Required - 6 Addressable
36 Implementation
Specifications
14 Required / 22 Addressable
