HIPAA Security Rule hits another pothole

Article

Publication of HIPAA's Security Rule, promised at the end of December, has been delayed again. But Privacy Rule compliance still looms this spring. The Federal Register of Friday, Dec. 27, 2002, made no mention of the final security rule nor the

Publication of HIPAA's Security Rule, promised at the end of December, has been delayed again. But Privacy Rule compliance still looms this spring.

The Federal Register of Friday, Dec. 27, 2002, made no mention of the final security rule nor the transactions modifications due to be published on that date. The Rule had previously been promised December 2001, then February 2002, then August 2002. The rule is now expected to be published in February 2003.

The Department of Health and Human Services did not publish the rules on Dec. 27 as expected, nor did it explain the latest delay.

"Managing expectations is a required skill for HIPAA implementations," said Jim Bloedau, president of Information Advantage Group, a San Francisco e-healthcare consulting firm.

As of Jan. 13, the Security Rule had been handed off to the Office of Management and Budget, the White House panel that reviews federal regulations for budgetary impact.

OMB usually takes two weeks to 90 days to turn around a regulation. OMB anticipates publishing the final rule, along with any modifications to the Transactions and Code Set Standards, in February, according to Tracy Field, an attorney specializing in HIPAA issues at Arnall Golden Gregory in Atlanta.

Once the Security Rule is published, covered entities will have two years to comply with the security regulations. Small health plans will be given an additional 12 months to comply, said Kris Hughes, an attorney with SG&A Consulting.

The Security Rule addresses issues such as encryption of e-mail, firewalls, and password integrity.

"The Security Rule is more technical in terms of how you keep locks on your doors and how you make sure that only authorized people are in your building," Field said.

The Privacy Rule deals with issues inside the walls. Now that you have authorized people in the building, how do you ensure they're communicating appropriately.

"The distinction is artificial," Field said. "I'm not sure it holds water. How can you ensure privacy without security? You can't, yet these rules are on totally different tracks."

Privacy Rule compliance deadline is still April of this year.

The disparity can be frustrating for providers preparing to comply with the Privacy Rule, especially those considering revamping the way they transmit electronic data, Field said.

"How do you do that if you don't know what the security requirements are going to be?" Field said.

Newsletter

Stay at the forefront of radiology with the Diagnostic Imaging newsletter, delivering the latest news, clinical insights, and imaging advancements for today’s radiologists.

Recent Videos
SNMMI: Emerging PET Insights on Neuroinflammation with Progressive Apraxia of Speech (PAOS) and Parkinson-Plus Syndrome
Improving Access to Nuclear Imaging: An Interview with SNMMI President Jean-Luc C. Urbain, MD, PhD
SNMMI: 18F-Piflufolastat PSMA PET/CT Offers High PPV for Local PCa Recurrence Regardless of PSA Level
SNMMI: NIH Researcher Discusses Potential of 18F-Fluciclovine for Multiple Myeloma Detection
SNMMI: What Tau PET Findings May Reveal About Modifiable Factors for Alzheimer’s Disease
Emerging Insights on the Use of FES PET for Women with Lobular Breast Cancer
Can Generative AI Reinvent Radiology Reporting?: An Interview with Samir Abboud, MD
Mammography Study Reveals Over Sixfold Higher Risk of Advanced Cancer Presentation with Symptom-Detected Cancers
Combining Advances in Computed Tomography Angiography with AI to Enhance Preventive Care
Study: MRI-Based AI Enhances Detection of Seminal Vesicle Invasion in Prostate Cancer
Related Content
© 2025 MJH Life Sciences

All rights reserved.