HIPAA and Security Compliance
Rules
- Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules -Final Rule
- HHS 45 CFR Parts 160 and 164, Breach Notification for Unsecured Protected Health Information; Interim Final Rule
- Information on the Interim Final Breach Notification Rule
- HITECH Act Enforement Rule
HIPAA Basics
The Administrative Simplification standards were adopted by Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- Summary of the Privacy Rule from HHS.gov
- Health Information Privacy The Privacy Rule
- Summary of the Security Rule
- CMS general information on covered entities.
- CMS covered entity charts.
- Sample Business Associates Contract Provisions from HHS.gov
Security Rule Draft Guidance
The Office for Civil Rights (OCR) is responsible for issuing periodic guidance on the provisions in the HIPAA Security Rule. (45 C.F.R. §§ 164.302 – 318.) This series of guidance documents will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials will be updated annually, as appropriate.
- HHS has issued this guidance document entitled: “HIPAA Security Standards: Guidance on Risk Analysis.”
- ONC Guide to Privacy and Security of Health Information
The ONC’s Office of the Chief Privacy Officer (OCPO) has released a guide for providers and their staff to help understand privacy and security when it comes to electronic health records (EHRs) and meaningful use. “Guide to Privacy and Security of Health Information” is a comprehensive tool assisting professionals in integrating privacy and security into their practices. The guide includes information on:
- Privacy & Security and Meaningful Use
- Security Risk Analysis and Management Tips
- Working with EHR and Health IT Vendors
- A Privacy & Security 10-Step Plan
- Health IT Privacy and Security Resources
News & Update Posts
Other Resources
- HealthIT.gov – Health Information Privacy and Security: A 10 Step Plan
- HIPAA and Stage 1 Meaningful Use
- HITECH Answers HIPAA and Security Compliance eLearning Event Presentations
- ONC Privacy and Security Whitepaper Series – Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis
- Data Segmentation in Electronic Health Information Exchange: Policy Consideration and Analysis
- Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis
- HCCA – Health Care Compliance Association
- White paper: HIPAA Security Risk Analysis and Risk Management Methodology by Bob Chaput
October 1, 2014, the health care industry will adopt the ICD-10 code set. While you should prepare for this transition, your medical billing, practice management and EHR vendor should be working hard right now with you to adapt your system. 
Connect With Us