Health Information Compliance Alert

Regulations:

What The Regs Say About... Flexibility Of Approach

Here's what the final HIPAA security rule says about the amount of flexibility your facility is allowed:

45 CFR 164.306(b)

(2) -In deciding which security measures to use, a covered entity must take into account the following factors:

(i)-The size, complexity and capabilities of the covered entity

(ii)-The covered entity's technical infrastructure, hardware and software security capabilities

(iii)-The costs of security measures

(iv)-The probability and criticality of potential risks to electronic protected health information.

Other Articles in this issue of

Health Information Compliance Alert

View All