How could a small provider implement the security standards as published in the Federal Register on February 20, 2003?

Answer:

The security standards regulation allows any covered entity (including small providers) to use any security measures that allow the covered entity to reasonably and appropriately implement the standards. In deciding what security measures to use, a covered entity can take into account its size, capabilities, and costs of security measures.

A small provider who is a covered entity would first assess their security risks and vulnerabilities and the mechanisms currently in place to mitigate those risks and vulnerabilities. Following this assessment, they would determine what additional measures, if any, need to be taken to meet the standards; taking into account their capabilities and the cost of those measures.


Home | About Us | Contact Us | Sitemap | Resources | Covered Entity | Business Associate
Individuals | Product Certification | HIPAA Compliance FAQ | HIPAA Compliance Software | HIPAA Security Policies | HIPAA Privacy Policies
HIPAA Business Continuity Plan | HIPAA Security Risk Analysis Template | HIPAA Audit Templates
Copyright © 2007-09 Supremus Group LLC Developed and Designed by Des Moines Web Design Company
This site is best viewed using Internet Explorer 5.0/higher or Netscape Navigator 7.0/higher at 1024x768 resolution for optimum performance