Group To Issue Guidelines on HIPAA Data Security Rules
December 15, 2004

The Healthcare Security Workgroup this month will issue guidelines for complying with HIPAA's data security requirements, which take effect in April, Computerworld reports.

The working group is composed of representatives from URAC, the Workgroup for Electronic Data Interchange and the National Institute of Standards and Technology. The working group began developing the guidelines last November and is expected to have them completed by the middle of this year, but the project's complexity delayed their progress, said Devin Jopp, chief operating officer of not-for-profit health care accreditation organization URAC. The guidelines aim to give information technology and business managers "a better feel for what it will take to comply" with HIPAA rules, said Mark McClaughlin, a regulatory policy analyst at McKesson and an adviser to the WEDI co-chair of the security working group.

The security rules require that companies implement certain administrative, technical and physical measures to protect patient data, Computerworld reports. The working group has developed compliance guidelines based on sources such as best-practices documents, case studies and standards efforts by groups such as the Healthcare Information and Management Systems Society, Jopp said (Vijayan, Computerworld, 12/13).

Posted to HIPAAcomply 12/15/04