Health Information Compliance Alert

Regulations:

WHAT THE REGS SAY ABOUT...FLEXIBILITY OF APPROACH

Here's what the final HIPAA security rule says about the amount of flexibility your facility is allowed:

45 CFR 164.306(b)

(2) In deciding which security measures to use, a covered entity must take into account the following factors:

(i) The size, complexity and capabilities of the covered entity.
(ii) The covered entity's technical infrastructure, hardware and software security capabilities.
(iii) The costs of security measures.
(iv) The probability and criticality of potential risks to electronic protected health information.

Other Articles in this issue of

Health Information Compliance Alert

View All