May a HIPAA covered entity or its business associate disclose protected health information (PHI) for purposes of cybersecurity information-sharing of cyber threat indicators?
No, unless the disclosure is otherwise permitted under the HIPAA [...]
Who enforces the health information privacy and security standards established under the Health Insurance Portability and Accountability Act (HIPAA)?
The HIPAA Privacy and Security Rules are enforced by the [...]
Does the Security Rule allow you to network computers? In other words, are covered entities allowed to connect two computer systems, either within the covered entity, or between two covered entities or between a covered entity and its business associate(s) so that they can exchange information directly?
With regard to networking computers, there is nothing in the [...]
What does the Security Rule mean by physical safeguards?
Physical safeguards are physical measures, policies, and procedures to protect [...]
Is the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) suspended during a national or public health emergency?
No, the Security Rule is not suspended during a national [...]
How will we know if our organization and our systems are compliant with the Security Rule’s requirements?
The purpose of the Security Rule is to adopt national [...]
Are we required to “certify” our organization’s compliance with the standards of the Security Rule?
No, there is no standard or implementation specification that requires [...]
Under the Security Rule, must plan sponsors report security incidents to the group health plan? If so, what types of incidents must be reported and what level of detail is required?
Although a plan sponsor may not be a HIPAA covered [...]
What does the Security Rule require a covered entity to do to comply with the Security Incidents Procedures standard?
45 CFR § 164.304 defines security incident as the attempted [...]
Does the Security Rule permit a covered entity to assign the same log-on ID or user ID to multiple employees?
No. Under the Security Rule, covered entities, regardless of their [...]