Response: We refuse to delay the application of the requirements of the safety rule to subcontractors beyond the compliance dates set out in this Final Rule. As we have already pointed out, the security rule already requires the companies concerned to enter into commercial partnership agreements in which business partners must ensure that their subcontractors take appropriate security precautions to protect the security of the electronically protected health information they process. We have replaced the proposed “chain of trust” standard with a standard for “trade partnership agreements and other agreements”.
The chain of trust of a certificate chain is an ordered list of certificates that contains an end-user subscriber certificate and intermediate certificates (which represent the intermediate CA) that the recipient can use to verify that the sender and all intermediate certificates are trusted. This process is best described on the Intermediate Certification Authority page. See also X.509 certificate chains for a description of these concepts in a widely used standard for digital certificates.
Answer: This final regulation requires written agreements between the companies and the business partners concerned. It is not necessary to conclude new contracts specifically for this purpose if the existing written contracts adequately meet (or can be amended) the applicable requirements.
Comment: Several commenters explained that if security features are determined by agreements between “trading partners”, as provided for in the proposed Regulations, there should be guidelines or limits for these agreements, so that extreme or unusual provisions are not permitted.
The certificate hierarchy is a certificate structure that allows individuals to verify the validity of the issuer of a certificate.
Certificates are issued and signed by certificates higher up the certificate hierarchy, so the validity and reliability of a particular certificate is determined by the corresponding validity of the certificate with which it was signed.
Answer: HITECH does not remove the requirements for trade partnership agreements under HIPAA rules.
Therefore, we refuse to make the execution of trade partnership agreements an “addressable” requirement under the security rule. In this final regulation, we have adopted the concepts of hybrid and affiliated companies as defined previously in § 164.504 and now defined in § 164.103 and business partners as defined in § 160.103 in order to comply with the data protection rule. The general organisational requirements for covered affiliates and hybrid companies are now included in a new § 164.105. The proposed chain of trust partnership agreement has been replaced by standards for business partner contracts or other agreements and standards for group health insurance plans. In accordance with the law and the privacy rule policy, this final rule does not require uncovered companies to comply with security standards. Several commentators believe that a Chain of Trust partnership agreement should not be a security requirement. One commenter explained that a “chain of trust” agreement does not contribute to overall security because the companies covered must already comply with regulatory requirements. Compliance with the Regulation should be sufficient. Although Section 13401 of the HITECH Act does not expressly include Section 164.314 among the provisions for which business partners are directly responsible, it states that Section 164.308 of the Business Partner Safety Rule applies “in the same manner” as the provision for covered entities.
Article 164.308(b) requires that the commercial partnership agreements of a covered entity comply with the requirements of Article 164.314. Accordingly, we have proposed to revise § 164.314 to apply § 164.308(b) to business partners in the same way as for the companies concerned, and to revise § 164.314 to reflect that it also applies to agreements between business partners and subcontractors that create, receive, maintain or transmit protected health information electronically. We have added a standard for group health insurance plans that complies with the provisions of the confidentiality rule. During the establishment of the security and data protection rules, it became clear that our initial approach to the chain of trust was both too broad and did not sufficiently take into account the situation of certain companies covered, in particular the health plans of the ERISA Group.