HIPAA REGULATIONS: SECURITY RULE
The proposed security rule published in August
1998 requires every covered healthcare organization to have an information
security program in place. It is expected that most of the proposed
standards will be implemented in the final rule once it is published.
Publication of the final rule is expected by September 2002. There
is the expectation that the final rule may contain increased audit
requirements as well as clarification of how paper and oral communications
will be affected by the security standards. It is also expected
that electronic signatures will be covered separately in their own
Notice of Proposed Rule Making (NPRM).
The proposed security standard addresses how data
is stored and accessed. It provides the means for safeguarding data
integrity, confidentiality and availability through a documented
formal information security process that includes:
Administrative Policies and Procedures
Physical Safeguards
Technical Security Services
Technical Security Mechanisms
|