Overview:
§164.530(c)(1)
Standard: Safeguards.
A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
(2)(i) Implementation specification: Safeguards. A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.
(ii) A covered entity must reasonably safeguard protected health information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.
Action Items:
1) Obtain and review policies and procedures to determine if appropriate administrative, technical, and physical safeguards are in place.
2) Obtain and review documentation of specific safeguards in place from all three categories to reasonably protect the PHI. Such documentation may include, but is not limited to, policies and procedures, photographic or documentary documentation of physical and technical safeguards, and statements from privacy and security officials.
Related Documents:
1) Policies and procedures to determine if appropriate administrative, technical, and physical safeguards are in place.
2) Documentation of specific safeguards in place from all three categories to reasonably protect the PHI.
Additional Guidance:
A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. For example, such safeguards might include shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes.
Article ID: 579
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-privacy-safeguards-164-530-c-579.html