WHAT'S NEW

What's New

  • Sales Tax Exemption on Dental Devices Resumes July 1 +

    Additional Info on Filing a Claim with LDR, the Initial Revenue Ruling, and a Sample List of Items that are Exempt (Posted 6/27/18) Hold on to more of your hard Read More
  • Feature: HIPAA Technical Safeguard, Part 1 +

    HIPAA Technical Safeguard: Access Control By Robert McDermott, President & CEO / iCoreConnect This is the first article of a five-part series looking at the aspect of HIPAA law known as Read More
  • Legislative Update +

    2018 Legislative Session Report (posted 5/29/18) Read More
  • Other Opioid C.E. Resources +

    DATE: August 10, 2018 EVENT: Fall C.E. – Opioid CoursePROVIDER: Louisiana Dental Association, approved PACE program provider LOCATION: Country Inn and Suites, 2727 Monroe Highway 165, Pineville, La. REGISTRATION: www.ladental.org/fallce or Read More
  • Dental Benefits Covered by Each of Healthy Louisiana's 5 Health Plans +

    Click Here for information regarding dental benefits covered by each of Healthy Louisiana's 5 health plans Healthy Louisiana (previously called Bayou Health) is the way most of Louisiana's Medicaid and Read More
  • 1

ICC logo on white w tag web

HIPAA Technical Safeguard: Access Control

By Robert McDermott, President & CEO / iCoreConnect

This is the first article of a five-part series looking at the aspect of HIPAA law known as “Technical Safeguards.” In this brief article, we address “Access Control” [Regulation 164.312(a)(1)].

The Access Control standard ensures that devices are accessed only by known, authorized user(s).

What is a “Technical Safeguard”?

The HIPAA Technical Safeguards are parts of the law designed to secure Protected Health Information (PHI) in its electronic form (also known as “ePHI”).

Do you have to follow the Technical Safeguards?

The HIPAA Technical Safeguards are law. Adhering to the safeguards not only protects your patients’ data, but it protects you from costly fines.

How is Access Control implemented?

There are four implementation specifications for Access Control:

  1. Unique User Identification (Required): Assign a unique user ID to record user activity and identify those using electronic devices.
  2. Emergency Access Procedure (Required): Implement procedures allowing for access to ePHI in the event of an emergency.
  3. Automatic Logoff (*Addressable): Implement electronic procedures that automatically logs authorized staff off from the device they’re using to access or exchange ePHI.
  4. Encryption (*Addressable): Implement a system that encrypts messages sent beyond your firewall and decrypt messages coming into your system.

All ePHI must meet the standards set by the National Institute of Standards and Technology, regardless of whether the information is in transit or at rest.

*What’s the difference between “required” and “addressable”?

You may see the word “required” or “addressable” associated with different specifications of the law. In an “addressable” specification, the government gives you opportunity to document in writing how you have achieved the specification in an alternate manner or why you are unable to implement the specification.

All ePHI must meet the standards set by the National Institute of Standards and Technology, regardless of whether the information is in transit or at rest.

For more information about access controls, or to see if you’re in compliance with the “ACCESS CONTROL” security standard, visit HHS.gov or call iCoreConnect at (888) 810-7706. iCoreConnect’s cloud-based, HIPAA-compliant email exchange, iCoreExchange, is endorsed by the LDA.

lda logo white

Links with this symbol are password protected for LDA members only.
lda logo white

7833 Office Park Blvd.
Baton Rouge, LA 70809
(225) 926-1986  |  (800) 388-6642
(225) 926-1886  Fax
info@ladental.org

Links with this symbol are password protected for LDA members only.
7833 Office Park Blvd.
Baton Rouge, LA 70809
(225) 926-1986  |  (800) 388-6642
 Fax (225) 926-1886
info@ladental.org