What are the HIPAA Privacy and Security Rules?
The HIPAA Privacy Rule, officially known as the Standards for Privacy of Individually Identifiable Health Information, was implemented in 1996. The U.S. Department of Health and Human Services notes that this is the first time that a set of national standards were established to protect health information. This rule creates a minimum standard for protection of information for all in the United States. According to the U.S. Department of Health and Human Services, the purpose of the HIPAA Privacy Rule is to protect the privacy of individually identifiable health information.
The HIPAA Security Rule focuses specifically on electronic protected health information (ePHI). Providers have been required to be in compliance with the Security Rules since April 20, 2005. The purpose of the HIPAA Security Rule is to set administrative, technical, and physical standards to protect electronic protected health information.
The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services administers and enforces the Privacy and Security rules.
Sample Security Rule Compliance Guidelines - Developed by the University of California (2005). This document represents the actual compliance guidelines instituted by the University of California to assist campus and medical center directors and managers.
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule - Developed by the National Institute of Standards and Technology (2008). This guide provides a background of the HIPAA Security Rule, as well as guidance for implementing and complying with the Security Rule.
HIPAA Security Rule Summary - Developed by the HIPAA Survival Guide (2009). This link provides a brief overview of the Security Rule.
Health Information Privacy - Developed by the Office for Civil Rights at the U.S. Department of Health and Human Services. This site provides background on HIPAA with respect to privacy and security.
E-mail the HealthIT e-mail box: email@example.com