Ask the Expert

Where to find statement of HIPAA security standards

Where can I find a clear and concise statement of HIPAA security standards on which I can evaluate my WAN?

So far I have found thousand of pages regarding privacy or new formats for claims, eob's and eligibility verification. But where is the criteria against which I can judge or configure my Windows 2000 WAN?


    Requires Free Membership to View

The HIPAA security rule is still in its proposed form, but it's most likely not going to change much once it's finalized (supposedly in October 2002). You can view the current draft of the security rule at http://aspe.os.dhhs.gov/admnsimp/nprm/secnprm.pdf. In a nutshell, the rule is divided into four categories: Administrative Procedures with 12 requirements; Physical Safeguards with six requirements; Technical Security Services with five requirements; and Technical Security Mechanisms with one requirement. In addition, there's currently an electronic signature standard, but word has it that this will be dropped in the final version of the rule.

Like any good security standard, the HIPAA security rule is based more on policies, procedures and business processes than it is on technology. The requirements are designed to be scaleable and technology neutral, thus there are no specific technology requirements for system hardening, encryption algorithms, security infrastructure, etc. The rule tells you what to do, not how to do it. There's a chance that the final security rule will be based on NIST, ISO or other security standards, which will make it much easier to find documentation on how to implement the proper systems and comply. For more information on the HIPAA security rule, check out the following URLs:

Frequently asked questions about security and electronic signature standards
HIPPAdvisory standards for security and electronic sigantures
HIPAA security rule FAQ
Five good reasonds to get started on HIPAA security compliance


For more information on this topic, visit these SearchSecurity.com resources:
Best Web Links: Health care/health services
News & Analysis: HIPAA is a strategic enabler
News & Analysis: Experts answer users' HIPAA questions


This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: