HHS adopts final security standards under HIPAA
HHS adopts final security standards under HIPAA
Tommy G. Thompson, secretary of the Department of Health and Human Services (HHS), recently announced the adoption of final security standards for protecting individually identifiable health information when it is maintained or transmitted electronically. He also announced the adoption of modifications to a number of the electronic transactions and code sets adopted as national standards. Both final regulations are required as part of the administrative simplification provisions included in the Health Insurance Portability and Accountability Act of (HIPAA) 1996.
"Overall, these national standards required under HIPAA will make it easier and less costly for the health care industry to process health claims and handle other transactions while assuring patients that their information will remain secure and confidential," he said. "The security standards in particular will help safeguard confidential health information as the industry increasingly relies on computers for processing health care transactions."
Under the standards announced, health insurers, certain health care providers, and health care clearinghouses must establish procedures and mechanisms to protect the confidentiality, integrity, and availability of electronic protected health information. The rule requires covered entities to implement administrative, physical, and technical safeguards to protect electronic protected health information in their care. The security standards work in concert with the final privacy standards adopted by HHS last year and scheduled to take effect for most covered entities on April 14. The two sets of standards use many of the same terms and definitions to make it easier for covered entities to comply. Most covered entities will have two full years, until April 21, 2005, to comply with the security standards; small health plans will have an additional year to comply, as HIPAA requires.
In a separate final regulation, HHS adopted modifications to the transaction standards, which health plans, certain health care providers, and health care clearinghouses by law must use for electronic health care transactions. Covered entities must comply with these modified transaction standards by Oct. 16, 2003.
(Editor’s note: For the complete text of both final rules go to: www.cms.hhs.gov/hipaa/hipaa2.)
Tommy G. Thompson, secretary of the Department of Health and Human Services (HHS), recently announced the adoption of final security standards for protecting individually identifiable health information when it is maintained or transmitted electronically.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.