|Rules Finalized on Security and
Transactions Standards Modifications
Two HIPAA final regulations, those for Security Standards, and for Modifications to the Transactions Standards, went on display on 2/13/03 at the Office of the Federal Register. They were published in the February 20 edition of the Federal Register.
Copies of the rules can be viewed at http://www.cms.hhs.gov/hipaa/hipaa2/default.asp
These are the versions that were sent to the Office of the Federal Register. The Federal Register versions will be made available, via links, from this same web site.
Under the security standards announced today, health insurers, certain health care providers and health care clearinghouses must establish procedures and mechanisms to protect the confidentiality, integrity and availability of electronic protected health information. The rule requires covered entities to implement administrative, physical and technical safeguards to protect electronic protected health information in their care.
The security standards work in concert with the final privacy standards adopted by HHS last year and scheduled to take effect for most covered entities on April 14. The two sets of standards use many of the same terms and definitions in order to make it easier for covered entities to comply.
Covered entities (except small health plans) must comply with the security standards by April 21, 2005. Small health plans have an additional year to comply.
The final transaction modifications rule, which will also be published in the Federal Register on Feb. 20, combines two proposed rules published May 31, 2002. HHS worked extensively with the Designated Standards Maintenance Organizations (DSMOs) to revise the proposed changes to the standards, as required by Congress as part of HIPAA.
Major provisions of the final rule include:
The rule also adopts modified standards for two transactions that were not included in the proposed rules -- premium payments, and coordination of benefits. The modifications were approved by the DMSOs and merely provide explanatory guidance.
Posted to HIPAAcomply 2/13/03