top of page

HIPAA Security Rule Resources

The Security Rule (and then some)

Are you responsible in whole or in part for taking care of HIPAA Security Rule compliance in your organization? Have you actually read the Security Rule? If not, it's the perfect place to start. You'll find all of these rules in this Combined Regulation Text from HHS:

Transactions and Code Set StandardsIdentifier StandardsPrivacy RuleSecurity Rule (Located at 45 CFR Part 160 and Subparts A and C of Part 164)Enforcement RuleBreach Notification Rule

Combined Regulation Text (updated, March 2013) - Download

HHS's HIPAA Security Series

The HIPAA Security Series provides guidance and insight into the Security Rule. It addresses every Standard (22 of them) and Implementation Specification (42 of them) by explaining the essence of each requirement, the thought process behind them, and some possible ways to address them. These papers are relatively easy to read and do a good job of putting the government-speak into everyday language.

Security Series #1 - Security 101 - Download Security Series #2 - Administrative Safeguards - Download Security Series #3 - Physical Safeguards - Download Security Series #4 - Technical Safeguards - Download Security Series #5 - Organizational, Policies & Procedures, and Documentation Standards - Download Security Series #6 - Basics of Risk Analysis and Risk Management -- Download Security Series #7 - Implementation for the Small Provider - Download

A1 - Guidance on Risk Analysis Requirements under the HIPAA Security Rule - Download A2 - Guidance on Remote Use of ePHI - Download

NIST Documents

NIST is the National Institute of Standards and Technology. Their Computer Security Division has published several very helpful papers to guide readers through some of the more difficult concepts you'll run into when complying with the Security Rule. These are more in depth than the Security Series (above) and they drill into several of the main elements of compliance.

800-66 - An Introductory Resource Guide for Implementing the HIPAA Security Rule - Download 800-30 - Guide for Conducting Risk Assessments - Download 800-118 - Guide to Enterprise Password Management - Download All NIST 800 Documents

Watch Our HIPAA Webinar Series

Click the playlist button in the upper left corner to view all HIPAA webinars.


bottom of page