The Final Rule adopting HIPAA standards for the security of electronic protected health information was published in the Federal Register on February 20, 2003. Most covered entities had to comply with the Security Rule by April 20, 2005. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.
The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Security Rule. The OCR website is http://www.hhs.gov/ocr/hipaa.
The Computer Security Division (CSD) is one of eight divisions within the National Institute of Standards and Technology's (NIST) Information Technology Laboratory. NIST's CSD supports the intelligent management of IT risks, vulnerabilities and protection needs.
NIST's CSD develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. These publications present the results of NIST studies, investigations, and research on information technology security issues.
NIST's CSD has developed a DRAFT Introductory Resource Guide for Implementing the HIPAA Security Rule (NIST SP 800-66), which is an excellent resource for covered entities implementing the NIST HIPAA Security Rule document.
For the full list of NIST Security publications, visit NIST's CSD publications library at: http://csrc.nist.gov/publications/index.html
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009, provides for privacy and security of patient health information. Part of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115), the HITECH Act significantly modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936). The HITECH Act adds new requirements concerning privacy and security for health information that directly affect many entities. Specifically, the HITECH Act:
For additional information on the HITECH Act, please select the following link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechblurb.html