HIPAA Device and Media Policies Profile, v1.0
Profile of HIPAA physical safeguards (per 45 CFR Section 164.310(d)) requirements for a covered entity or business associate to have policies that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/hipaa-device-and-media-policies-profile/1.0/ | ||||
Publication Date | 2017-02-17 | ||||
Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
Keywords | There are no keywords. | ||||
Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TD_DeviceandMediaControlsReceiptPolicies and TD_DeviceandMediaControlsRemovalPolicies and TD_DeviceandMediaControlsMovementPolicies and TD_DeviceandMediaControlsDisposalPolicies
References (4)
TD Device and Media Controls - Receipt Policies, v1.0 | |
---|---|
Description | Specifies that a health care related organization must document policies that govern the receipt of hardware and electronic media that contain electronic protected health information into a facility. |
ID | TD_DeviceandMediaControlsReceiptPolicies |
Provider Reference |
TD Device and Media Controls - Removal Policies, v1.0 | |
---|---|
Description | Specifies that a health care related organization must document policies that govern the removal of hardware and electronic media that contain electronic protected health information out of a facility. |
ID | TD_DeviceandMediaControlsRemovalPolicies |
Provider Reference |
TD Device and Media Controls - Movement Policies, v1.0 | |
---|---|
Description | Specifies that a health care related organization must document policies that govern the movement of hardware and electronic media that contain electronic protected health information within a facility. |
ID | TD_DeviceandMediaControlsMovementPolicies |
Provider Reference |
TD Device and Media Controls - Disposal Policies, v1.0 | |
---|---|
Description | Specifies that a health care related organization must have policies to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored. |
ID | TD_DeviceandMediaControlsDisposalPolicies |
Provider Reference |
Terms (7)
Term Name | Abbreviations | Definition |
---|---|---|
Business Associate | BA | Covered entities engage "business associates" to work on their behalf. A business associate is a person (not part of the workforce of the covered entity) or organization that creates, receives, maintains, or transmits protected health information on behalf of the covered entity. Covered entities must have contracts or other arrangements in place with their business associates to ensure that the business associates safeguard protected health information, and use and disclose the information only as permitted or required by the Privacy Rule. A covered entity may be a business associate of another covered entity. |
Covered Entity | CE | The Administrative Simplification provisions of HIPAA apply to three types of entities, which are known as "covered entities": 1) health care providers if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard, 2) health plans, and 3) health care clearinghouses. A covered entity may be a business associate of another covered entity. |
Disclosure | Disclosure means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information. | |
Electronic Protected Health Information | e-PHI | Electronic protected health information means protected health information (PHI) that is transmitted by electronic means or maintained in electronic media. |
Health Insurance Portability and Accountability Act of 1996 | HIPAA | The HIPAA law includes Administrative Simplification provisions that require adoption of national standards for electronic health care transactions and code sets, unique health identifiers, and security. Additionally, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. |
Protected Health Information | PHI | Protected health information (PHI) means "individually identifiable health information" that is transmitted by electronic means or maintained in electronic media or transmitted or maintained in any other form or medium, except it excludes individually identifiable health information:
|
U.S. Department of Health and Human Services | HHS | The U.S. Department of Health and Human Services' (HHS) mission is to enhance and protect the health and well-being of all Americans by providing for effective health and human services and fostering advances in medicine, public health, and social services. |