HHS Gives Guidance on Security Rule
Health Data Management (March 9, 2005)

The Department of Health and Human Services has released the third of seven planned papers that give guidance on implementing the HIPAA security rule. The paper comes less than a month before the April 20th compliance date for most covered entities. Very small payers have an additional year.

The paper covers the physical safeguard provisions within the security rule. Previous papers presented an overview of the rule and guidance on administrative safeguards. Papers not yet published will cover: technical safeguards; policies, procedures and documentation; risk analysis and risk management; and implementation for small providers.

The papers are designed to explain specific requirements of the rule from those who wrote and will enforce it, the thought process behind requirements, and possible ways to address the provisions.

The first three security rule guidance papers are available for downloading at www.cms.hhs.gov/hipaa/hipaa2.

The Centers for Medicare and Medicaid Services also will host its next security rule roundtable conference call on April 13 at 2 p.m. EST, one week before the compliance date. The conference calls are designed to answer questions that arise as covered entities implement the rule. No registration is required. To participate, call 877-203-0044; the identification number is 4587639.

Posted to HIPAAcomply 3/24/05