CMS spells out HIPAA Security Rule

September 22, 2005

The April 20 deadline for the Health Insurance Portability and Accountability Act Security Rule has come and gone, but some radiology departments are still struggling to meet compliance. The Centers for Medicare and Medicaid Services has come to their rescue, publishing three more educational papers that help demystify the rule.

The April 20 deadline for the Health Insurance Portability and Accountability Act Security Rule has come and gone, but some radiology departments are still struggling to meet compliance. The Centers for Medicare and Medicaid Services has come to their rescue, publishing three more educational papers that help demystify the rule.

The papers released in June join two other educational papers concerning security topics that the CMS published previously. The organization plans to release another two papers, for a total of seven:

- Security 101 for Covered Entities; Security Standards: Physical Safeguards;

- Security Standards: Administrative Safeguards;

- Security Standards: Technical Safeguards;

- Security Standards: Organizational, Policies and Procedures;

- Documentation Requirements,

- Basics of Risk Analysis and Risk Management; and

- Implementation for the Small Provider.

While the CMS does not yet have a publication date for the small provider paper, the risk analysis paper has completed the review process and should be published shortly.

For links to PDF files containing the educational series, users can visit the HIPAA Web site and navigate to the page devoted to Security Rule education (www.cms.hhs.gov/ hipaa/ hipaa2). HIPAA's main Web site also has links to frequently asked questions, additional educational materials, and a schedule for roundtable discussions on the topic.