Security Standards
Overview:
There is often confusion about the difference between privacy, confidentiality and security. In the context of HIPAA, privacy determines who should have access, what constitutes the patient’s rights to confidentiality, and what constitutes inappropriate access to health records. Confidentiality establishes how the records (or the systems that hold those records) should be protected from inappropriate access. Security is the means by which you ensure privacy and confidentiality.
Background:
One of the provisions of HIPAA calls for electronic data interchange (EDI) transaction standards. The logic behind this set of requirements was that it would facilitate the computer-to-computer exchange of information throughout the care delivery system. Making these transactions easier, however, may increase the risk of inappropriate access to sensitive information. Consequently, HIPAA also calls for security standards.
Goal:
The new security standards were designed to protect all electronic health information from improper access or alteration, and to protect against loss of records. Health plans, health care clearinghouses, and health care providers would use the security standards to develop and maintain the security of all electronic individual health information. The Security and Electronic Signature Standards set the minimum level, or "floor", of security for individually identifiable health information maintained in or transmitted by health care organizations. The electronic signature standard applies only to the specific transactions defined in the Health Insurance Portability and Accountability Act of 1996, and only when it has been determined that an electronic signature must be used.
Specifics:
HIPAA has grouped the security requirements into six categories: administrative procedures; physical safeguards; security configuration management; technical security services; technical security mechanisms; and electronic signatures. Although the requirements in these categories overlap, they are intended to help organizations understand the different types of requirements needed for a comprehensive security approach.
Administrative Procedures:
Certification
Chain of Trust Partner Agreements
Contingency Plan
Formal Mechanism for Processing Records
Information Access Control
Internal Audit
Personnel Security
Physical Safeguards:
Assigned Security Responsibility
Media Controls
Physical Access Controls
Policy / Guidelines on Workstation Use
Secure Workstation Location
Security Awareness Training
Security Configuration Management:
Security Incident Procedures
Security Management Process
Termination Procedures
Training
Technical Security Services:
Access Controls
Audit Controls
Authorization Controls
Data Authentication
Entity Authentication
Technical Security Mechanism:
Communication/Networking Controls
Network Controls
Electronic Signature:
Digital Signature
Each health care organization is also required to designate someone as having the responsibility of ensuring that the company complies with the minimal level of security as outlined in the regulations.
Impact:
Whether or not your organization’s current security infrastructure meets the minimum security standards, every organization covered by the standards will need to be able to demonstrate that effective management, operational, and technical controls are in place and that they comply with the minimum level.
Benefits:
This will ensure the confidentiality of individually identifiable health care data.