Health Care Law - Schwartz, Manes, Ruby & Slovin










Search Health Care Law site:

HIPAA - March 2004
Back to "HIPAA" Index | Back to "Update" Index

HIPAA Security Rule Introduction

One year from now, on April 21, 2005, all covered entities under HIPAA (except small health plans) will be required to be in compliance with the HIPAA Security Rule.  This article, which provides an overview of the Security Rule, is the first of two articles on the Security Rule. Next month's article will address implementation of the Security Rule.

Goals of the Security Rule

It is important to understand that unlike the HIPPA Privacy Rule, the Security Rule only applies only to electronic protected health information (ePHI).  It imposes a high standard for the security of ePHI.

The goals of the Security Rule are to:
Ensure the confidentiality, integrity and availability of all ePHI
Protect against any reasonably anticipated threats or hazards to the security of ePHI
Protect against any reasonably anticipated uses or disclosures of ePHI that are not permitted or required by the Privacy Rule
Ensure compliance by the workforce

Interface Between the Security Rule and the Privacy Rule

HIPAA recognizes that security and privacy are strongly linked.

- Both protect confidentiality of ePHI

- Both provide workforce access controls and protections

- Both require business associate contracts with vendors

- Both require written compliance policies and procedures

The Security Rule is intended to be compatible with the Privacy Rule and implementation of the Security Rule will complement your existing Privacy Rule compliance plan.

Security Rule Concepts

The Security Rule focuses on risk management in relation to workplace security issues.

The Security Rule standards provide flexibility in scaling solutions for large and small providers.  They recognize that one approach to security may not make sense for every covered entity.

The Security Rule is comprehensive and covers all aspects of security, both behavioral and well as technical.

The Security Rule is technology neutral which will permit covered entities to utilize future advances in addressing security issues.

Compliance Deadline

The HIPAA Security Rule compliance date is April 21, 2005.  Working through the risk management analysis required by the Security Rule will take time.  Now is the time to begin putting together a Security Rule Compliance Plan.

Back to Top of Page
Back to "HIPAA" Index | Back to "Update" Index






Schwartz Manes Ruby & Slovin
2900 Carew Tower
441 Vine Street
Cincinnati, Ohio 45202-3090

Phone: (513) 579-1414
Email Us: crowland@smrslaw.com
About Schwartz Manes Ruby & Slovin
Subscribe to Health Care Update: Click Here
Site designed by LLH Graphics, LLC. © 2004-2006 for Schwartz Manes Ruby & Slovin.