HIPAA Security Rule Resources
The Security Rule (and then some)
Are you responsible in whole or in part for taking care of HIPAA Security Rule compliance in your organization? Have you actually read the Security Rule? If not, it's the perfect place to start. You'll find all of these rules in this Combined Regulation Text from HHS:
Transactions and Code Set Standards
Identifier Standards
Privacy Rule
Security Rule (Located at 45 CFR Part 160 and Subparts A and C of Part 164)
Enforcement Rule
Breach Notification Rule
Combined Regulation Text (updated, March 2013) - Download
HHS's HIPAA Security Series
The HIPAA Security Series provides guidance and insight into the Security Rule. It addresses every Standard (22 of them) and Implementation Specification (42 of them) by explaining the essence of each requirement, the thought process behind them, and some possible ways to address them. These papers are relatively easy to read and do a good job of putting the government-speak into everyday language.
Security Series #1 - Security 101 - Download
Security Series #2 - Administrative Safeguards - Download
Security Series #3 - Physical Safeguards - Download
Security Series #4 - Technical Safeguards - Download
Security Series #5 - Organizational, Policies & Procedures, and Documentation Standards - Download
Security Series #6 - Basics of Risk Analysis and Risk Management - Download
Security Series #7 - Implementation for the Small Provider - Download
A1 - Guidance on Risk Analysis Requirements under the HIPAA Security Rule - Download
A2 - Guidance on Remote Use of ePHI - Download
NIST is the National Institute of Standards and Technology. Their Computer Security Division has published several very helpful papers to guide readers through some of the more difficult concepts you'll run into when complying with the Security Rule. These are more in depth than the Security Series (above) and they drill into several of the main elements of compliance.
800-66 - An Introductory Resource Guide for Implementing the HIPAA Security Rule - Download
800-30 - Guide for Conducting Risk Assessments - Download
800-118 - Guide to Enterprise Password Management - Download
All NIST 800 Documents