Resources for Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Security Guidance

U.S. Department of Health and Human Services

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.CMS has prepared guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to Electronic Protected Health Information (EPHI).CMS has delegated authority to enforce the non-privacy provisions of the HIPAA Regulations, to include HIPAA Security. This guidance document sets forth CMS' minimal compliance expectations for covered entities seeking to safeguard EPHI that is accessed, stored or transported offsite. Please note however that this document does not seek to provide a comprehensive list of risks and mitigation strategies but rather a general list of suggestions for organizations that require remote use of sensitive health information.

View the Resource

Share or bookmarklet this web page at: