HIPAA Definitions

Emory Covered Entity Specific

Trusted Secure HIPAA Zone

Trusted Zones must be created to store and maintain identified ePHI. A Trusted Zone is a logically or physically isolated network or network segment that complies with all HIPAA-related security regulations and policies. A Trusted Zone must have the following characteristics:

  1. It must be approved by the Emory Covered Entity Steering Committee (or their appointed representative), and
  2. It must have an owner who is responsible for ensuring compliance with all applicable policies and who reports to the Emory Covered Entity Steering Committee (or their appointed representative).

A HIPAA-compliant Trusted Zone must be isolated from other networks through logical or physical, access-based controls. The following characteristics are typical of a Trusted Zone:

  1. Risk Assessment procedures
  2. Risk Management procedures
  3. System Activity and Audits
  4. Access termination upon dismissal or termination of employment
  5. Security training for users and system administrators
  6. Login monitoring
  7. Virus detection and protection against malicious code
  8. Incident Response and Reporting
  9. Facility access control (safeguard against access to machines that can access ePHI)
  10. Workstation Acceptable Use (e.g. protection against downloading malicious code, viruses, etc.)
  11. Server, desktop, and wireless computer security (e.g. wireless access control to prevent unauthorized access to a system that has access to ePHI resources)

Federal HIPAA Security Standard

Electronic Protected Health Information (ePHI)

Individually identifiable health information that is transmitted by electronic media or maintained in electronic media.