Security Rule Requirements

The security rules, which went into effect on April 21, 2005, are related to the privacy mandates. They specifically instruct providers on how the privacy mandates should be enforced when using computer technology. Some of the more prevalent issues are:

  • providing adequate security, and controlling user access to Protected Health Information (PHI)
  • logging all system activity for auditing purposes
  • controlling data integrity, which relates to the editing and deletion of data

In addition to the general provisions above, the security rule specifies that healthcare providers (including audiologists and hearing instrument specialists) must employ additional measures related to the handling of PHI in their offices. These include:

  • ensuring the confidentiality, integrity and availability of all electronic, protected health information that is created, received, maintained or transmitted
  • protecting against any reasonably anticipated threats or hazards to the security and integrity of such information
  • protecting against any reasonably unanticipated uses and disclosures of this information
  • ensuring compliance by the members of your workforce

IMPORTANT: From the perspective of Noah System, HIPAA security requirements state that an end user must have tools available to them to accomplish the goals of the security mandates. It is important to note that simply having these tools within a software program like Noah System does not automatically make a practice compliant with the HIPAA security rules. The hearing care professional is responsible for the correct implementation of the tools.