Will You be Compliant by the New HIPPA Security Rule Deadline?

Thousands of US healthcare organizations have been waiting for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to be finalized. The Security Rule is just one part of HIPAA – the federal legislation passed into law in August 1996. The HIPAA Act is meant to provide better access to health insurance, limit fraud and abuse and reduce the overall cost of health care. The basics of the Final HIPAA Security Rule include:

	What:	The rule applies to electronic Protected Health Information (ePHI), which is individually identifiable health information in electronic form.
	Who:	Covered entities must comply with the rule’s requirements. These include health plans, health care clearinghouses and health care providers who transmit any protected health information in electronic form.
	How:	Covered entities must maintain reasonable and appropriate administrative, physical and technical safeguards to protect against any reasonably anticipated threats or hazards to the security or integrity of the electronic Protected Health Information (ePHI).
	Why:	The basic purpose of the rule is protect the confidentiality, integrity and availability of electronic Protected Health Information when it is stored, maintained or transmitted.
	When:	The final Security rule is effective as of April 21, 2003. Most covered entities will have until April 21, 2005 to comply.

Unlike other security best practices or standards, the HIPAA Security Rule is federal law. There are clear, defined consequences in the event of infringement; covered entities who violate the rule can face penalties of up to $250,000 and 10 years in prison. Covered entities who are non-compliant may also be subject to lawsuits from patients, customers or business partners.  Click the below links to find out more.