NEMA HIPAA Privacy and Security Introduction

A NEMA paper on HIPAA is available here:  NEMA HIPAA Security Intro Overview.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed to law on July 21, 1996, and has the general objectives to:

  • Guarantee health insurance coverage of employees
  • Reduce health care fraud and abuse
  • Introduce/implement administrative simplifications in order to augment effectiveness and efficiency of the health care system in the United States
  • Protect the health information of individuals against access without consent or authorization

Within HIPAA there are Administrative Simplification regulations that, in early 2001, are in work.

The HIPAA Security and Electronic Signature Standards Notice of Proposed Rule Making defines security measures to be implemented in healthcare. This white paper gives an explanation of how this rule and the final rule about privacy of individually identifiable health information that became law on December 28, 2000, impact the medical imaging world.

This document is intended for educational purposes. It does not contain concise definitions nor mandatory guidelines, but instead outlines the main components of HIPAA that affect medical imaging equipment.

Covered Entities (CEs) as defined by HIPAA are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with certain standard transactions. These CEs need to support many different data formats and protocols. Having only a single set of data formats and protocols will simplify administration. HIPAA defines standards for a set of transactions conducted in electronic form while still allowing any non-standardized paper form for these transactions. The proposed security standard would apply to all health information that is electronically maintained or electronically transmitted. The approved privacy standard applies to individually identifiable health information transmitted or maintained in any form, oral, written or electronic – called Protected Health Information (PHI). There are other regulations pending that deal with National Provider ID and National Employer ID; additional regulations will be proposed on National Health Plan ID, Claims Attachments, and National Individual Identifiers. We should think of HIPAA as an ongoing process to standardize the digitalization of health care information within the United States.

SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See Post HIPAA Privacy and Security Roadmap).  For information on our subscriptions go to Subscribe page on our site.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.