HIPAA Security Rule Basics—Course Outline

I. Introduction to the Security Rule

  1. What is HIPAA?
  2. What is the Security Rule?
  3. Purpose of the Security Rule
  4. Definition of electronic protected health information
  5. Exclusions from electronic media definition
  6. Goal of the Administrative Simplification and Security Rule
  7. Definition of a covered entity
  8. What the Privacy Rule and Security Rule require under HIPAA

II. Understanding the Security Rule

  1. Basic principles of the Security Rule
  2. Security Objectives
  3. Categories of Safeguards
  4. General Requirements of the Security Rule
  5. Standards and Implementation Specifications

III. The Administrative Safeguards

  1. Introduction to the Administrative Safeguards
  2. Standard – the Security Management Process
  3. Standard – Assigned Security Responsibility
  4. Standard – Workforce Security
  5. Standard – Information Access Management
  6. Standard – Security Awareness and Training
  7. Standard – Security Incident Procedures
  8. Standard – Contingency Plan
  9. Standard – Evaluation
  10. Standard – Business Associate Contracts and Other Arrangements

IV. The Physical Safeguards

  1. Introduction to the Physical Safeguards
  2. Standard – Facility Access Controls
  3. Standards – Workstation Use and Workstation Security
  4. Standard – Device and Media Controls

V. The Technical Safeguards

  1. Introduction to the Technical Safeguards
  2. Standard – Access Control
  3. Standard – Audit Control
  4. Standard – Integrity
  5. Standard – Person or Entity Authentication
  6. Standard – Transmission Security

VI. Organizational Requirements

  1. Standard – Policies and Procedures
  2. Standard – Documentation Requirements
  3. Relationship with Plan Sponsor