HIPAA Security Overview
The HIPAA Security Rule was written and passed into law to help ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). The legislation is specifically designed to cover protected information that is stored on computers and computer media and information that is transmitted over the Internet or by other means. The deadline for compliance with the HIPAA Security Rule is April 20, 2005.
The rule includes safeguards in three categories: Administrative, Physical and Technical. The administrative safeguards cover policies, procedures and practices regarding ePHI. The physical safeguards address physical access to information, such as location of workstations, doors, locks, etc. The technical safeguards require software access control, user authentication, audit controls to track access to protected information, integrity tools and transmission security.
While some of the technical safeguard standards are best handled by computers, hardware devices or operating systems, other mandated requirements must be addressed by office management or billing software applications. E·Z BIS Office now includes those components of the new HIPAA Security Rule that are needed for compliance. E·Z BIS Office 6.2 is the only version of E·Z BIS software that offers the access control, authentication and audit capabilities that HIPAA now requires.
User Access Control and Authentication
One of the requirements under the HIPAA Security Rule is that each software user must log in with a unique User ID. E·Z BIS Office 6.2 now requires users to log in with a User ID and password. Access to the software is denied unless a valid User ID and password are supplied.
Although HIPAA now requires the capability of granting or limiting individual users' access to patient data, E·Z BIS Office 6.2 goes a step further. In addition to merely granting or denying access to the software, individual users can be assigned very specific rights or privileges within the E·Z BIS software. For example, an office administrator might determine that an employee who works at the front desk should not have access to patients' condition information. Or, perhaps an associate doctor in a practice should not be able to view or edit financial information.
Administrators have the ability to specify exactly which modules of the software each employee can use. They can even control whether or not users can view and/or edit information on specific screens within each module. For example, a user might have the right to view general patient information but not to change any data.
