HIPAA Electronic Security Regs Are Final

The final standards for the security of electronic protected health information (PHI) which must be followed by health plans, health providers and health care clearinghouses (Covered Entities) under the Health Insurance Portability and Accounability Act of 1996 (HIPAA) were released February 20, 2003 by the Department of Health and Human Services (HHS). Compliance with the security regulations is not required until April 21, 2005 for Covered Entities, other than small health plans that have an additional year to comply. However, under the HIPAA privacy regulations, Covered Entities are required to take steps to protect access to all forms of PHI by April 14, 2003, or a year later for small health plans. Compliance with the privacy regulations with respect to electronic PHI is expected to meet many of the requirements of the security regulations.