As the information security officer at your facility, you have been asked to provide examples of technical security safeguards adopted as a result of HIPAA legislation. Which of the following would you provide?

The HIPAA security rule defined the technical security safeguards under the following categories : Access control, Audit control, Integrity, Authentification and transmission security.

Explanation:

Apart from the administrative and physical safeguards, the HIPAA requires from all facilities dealing with health information to:

- determiine the right user with permissions to carry out their defined functions through the facility programs or information systems (access control),

- establish and implement all hardware, software and procedures that have to record, analyse or transmit health data (audit control),

- establish security measures to avoid alteration or modification of health information that is transmitted electronically, without detection (integrity),

- ensure all users are verified and authorised to carry out their functions (authentification),

- safeguard data transfer and prevent unauthorised transmission (transmission safety).

Other measure that could be addressed include encrypting health data, automatic log-off and also adapting the type of control to the size of the the facility and possibly reduce cost.