A Good Time for a HIPAA Refresher
Mixed in with the billions of dollars for health IT in the American Recovery and Reinvestment Act are new privacy and security regulations for using it. It’s reminiscent of 1996, when HIPAA mandates on transacting certain health information electronically required accompanying standards for doing so securely.
After the initial trumpet of ARRA’s wake up call, something of a lull is ensuing. The industry is chewing over the published legislation while waiting on the details that will come in interim rules.
ARRA plays largely off HIPAA, which makes this lull a good time to brush up on the HIPAA security rule. A strong working knowledge of the rule will help organizations interpret and implement the new ARRA provisions. It’s been six years since the final rule was published, and it never did get the kind of attention that the privacy rule received.
AHIMA’s policy and governance team offered an analysis of the HIPAA security final rule upon its publication back in February 2003. The article offers a good place start.
AHIMA’s Body of Knowledge library is also rich with subsequent articles on interpreting and working with the rule (requires AHIMA member log in). The Department of Health and Human Services offers guidance and links.