The HIPAA Security Rule requirements define that Oakland County shall implement and monitor an information management program to secure ePHI stored in systems. The county shall ensure confidentiality, integrity, and availability of ePHI.

To execute the program under HIPAA, the County shall designate a HIPAA Security Officer. The IT compliance function will manage, monitor, and implement requirements of the HIPAA Technology Compliance Program along with other Information Technology, Information Security, and respective business unit leadership. The following will comprise the Security Rule procedures.

References

• NIST 800-37, Rev 1: Applying the Risk Management Framework
• NIST 800-53, Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations
• HIPAA Security Rule