HIPAA Regulatory Alert: URAC handbook explains HIPAA security rules

The lack of a final HIPAA security regulation means that your organization doesn’t have to provide security for your patient data, right? Wrong, according to a new handbook published by URAC. Your organization already has to protect patient data under HIPAA privacy rule, the book points out.

HIPAA Handbook: What Your Organization Should Know About the Federal Security Rule is the third in a trilogy of books published by URAC focusing on HIPAA.

The book was issued to help the health care industry cope with the uncertainty surrounding the HIPAA data security regulation. It includes explanations and strategies by the national’s leading experts for meeting security requirements under HIPAA.

"The health care industry has been waiting for years for the final HIPAA security standard to be published. Nevertheless, regulators of all stripes believe that data security is good business practice and health care entities should not wait for the regulation," says Dennis Melamed, lead editor and author of the handbook.

The most recent publication is $65 and is available through the URAC web site at www.urac.org. The trilogy of HIPAA books is $175.


In the January/February issue of HIPAA Regulatory Alert, the article "How to draft documents for HIPAA implementation" incorrectly stated that "a provider with a direct treatment relationship must have patient consent in order to use or disclose protected health information for treatment, payment, or their own health care operations." Under the final rule, such consent is not mandatory.