
Thor Ryan
DHSS Chief Security Officer


The Federal government has completed the HIPAA security regulations. DHSS has produced a Combined and Annotated Privacy & Security Regulations document for ease of use.


The security regulations apply to the administrative procedures and the technical and physical safeguards that ensure the integrity, confidentiality and availability of protected health information. The proposed security standard is divided into four categories:

  • Administrative Procedures: These are the documented, formal procedures for selecting and executing information security measures. The procedures also address staff responsibility for the protection of data.

  • Physical Safeguards: These safeguards protect the physical computer systems and related buildings and equipment from fire and other environmental hazards, as well as intrusion.

  • Technical Security Data Issues: These include the processes used to protect, control and monitor information access.

  • Technical Security Mechanisms: These include the processes used to prevent unauthorized access to data transmitted over a communications network.

As with the privacy rule, the security rule requires extensive documentation regarding compliance with all requirements.

The US Department of Health and Human Services website contains additional information and frequently asked questions about the security standards proposed rule.


Department Security Office


The Department Security Office, managed by the DHSS Chief Security Officer, is responsible for establishing, implementing, monitoring, and improving the DHSS Information Security Management System (ISMS). Specific responsibilities include:
1)      Developing, coordinating the approval of, and communicating information security policies and implementing standards and procedures in support of those policies;
2)      Coordinating risk assessment activities for the ISMS;
3)      Coordinating training and awareness activities for the ISMS;
4)      Planning and implementing controls, evaluating and recommending the selection of solutions, and participating in the development of the information technology strategies of DHSS to ensure consistency with DHSS information security policies;
5)      Coordinating the activities of the DHSS incident response team (IRT) and coordinating DHSS IRT participation with the State Security Office, State IRT, forensic team, and law enforcement;
6)      Coordinating and supporting security-related activities of DHSS Network Services, Business Applications, and Customer Services staff, and security system liaisons;
7)      Presenting information security issues, policy changes and exceptions, and recommendations to department management regarding their information security responsibilities;
8)      Monitoring information security, performing audits of operation of the ISMS, and reporting on the state of information security to DHSS management; and
9)      Coordinating improvements to the DHSS ISMS based on the results of management reviews, audits, and incident response analysis.

If you have an information security/compliance question or concern relevant to the Department of Health and Social Services, please contact the Department Security Office at or the DHSS Chief Security Officer at