DRAFT – Recommendation for Pilot RFP Security Section – DRAFT
The Rural Health Care Pilot Project (RHCPP) provides funding to public and not-for-profit health care providers for recurring and non-recurring costs of advanced telecommunications and information services to support the extension of Health Services into rural areas. These costs can include construction and deployment of network transmission facilities; such as connection to the public Internet; and, if requested, costs of connecting the regional or state networks to Internet2 or National LambdaRail. Since the data being transmitted is EPHI (Electronic Protected Health Information) adherence to the HIPAA Security Rule requires a secure network infrastructure and system.
To assist the organizations that issue and evaluate RFPs for Rural Health Networks, the Internet2 Health Network Initiative Security Working Group has developed a two part document which can be used by these organizations to specify information that should be included in proposals to describe the security posture of the proposed systems and networks and the provisions for guarding the Confidentiality, Integrity and Availability of the EPHI. Part 1 addresses features of the proposed network infrastructure. Part 2 addresses features of the systems and applications. Each is intended to be a drop-in section for an RFP with whatever tailoring is required for compatibility with a specific RFP.
The Center for Medicare and Medicaid Services (CMS) has published a HIPAA security guide, HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information, that is recommended reading for both the issuers of and the responders to RFPs. It provides a valuable explanation of the requirements for protecting EHPI. The link for the document is:
http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf
This document is a work in progress. User comments and suggestions for change or additional content are welcome. Updates are anticipated on a frequent but irregular basis with the frequency declining as the document approaches a final form.