University of New Mexico Health Sciences Center

The Security Rule

• The Final Rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003.

• This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality of electronic protected health information (ePHI).

• The standards are defined as either required or addressable implementation specifications.

• Covered entities,with the exception of small health plans, should have complied with the requirements of this final rule by April 21, 2005. Small health plans should have complied with the requirements of this final rule by April 21, 2006.

---

Related links:

          Security Rule Fact Sheet
          CMS Security Standards Overview
          Security Standards: Final Rule, Federal Register, Feb. 20, 2003

Why Compliance?
Code of Conduct
The Compliance Hotline
Policies and Procedures
Compliance Education
Vendor Compliance
OIG/GSA/SDN Exclusions
What is HIPAA?
The Privacy Rule
The Security Rule
Contact Us