From: "Opland, Russell" <OplandR@uphs.upenn.edu>
Date: March 18, 2005 2:39:37 PM EST
To: "All Exchange Users" <allexu@uphs.upenn.edu>
Subject: HIPAA Security Rule Going Into Effect
The HIPAA Security Rule goes into effect on April 20, 2005. This federal regulation requires that we safeguard electronic Protected Health Information ("ePHI"), and complements the HIPAA Privacy Rule.
The Security Rule encompasses:
- Confidentiality (protecting the information from unauthorized access or release)
- Integrity (ensuring information is not inadvertently changed, or altered by unauthorized personnel)
- Availability (backing up critical information, providing redundancy in systems, etc)
The Penn Medicine executive team recently approved nine new policies covering Information Security for UPHS and the School of Medicine.
- They go into effect on April 20, 2005.
- They are available from the following website: http://uphsxnet.uphs.upenn.edu/policy/health/is/is_alpha.shtml.
- All managers should please review these policies before April 20 for the impact on their respective areas.
All staff are responsible for familiarizing themselves with our Information Security policies, and reading these HIPAA Security updates, which will be issued periodically.
- Please ensure that all personnel read or have access to these updates.
- They will also be posted on our new Information Security website, which will be online shortly: http://uphsxnet.uphs.upenn.edu/security/
- Please ensure that they are reviewed by new staff during departmental orientation.
In case of questions or feedback:
- UPHS personnel should contact Russ Opland, UPHS Chief Privacy & Information Security Officer, at oplandr@uphs.upenn.edu or 215-615-0643
- School of Medicine personnel should contact Mary Alice Annecharico, Executive Director of Information Services, at mannecha@mail.med.upenn.edu or 215-898-9754.
Thank you for your ongoing commitment to Excellence and Quality Service!