HIPAA Compliance and Identity and Access Management
Achieving regulatory compliance with the HIPAA Security Rule.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandated that the Department of Health and Human Services (DHHS) publish a set of rules. The Privacy Rule was published on August 14, 2002, and the Security Rule was published in the Federal Register on February 20, 2003. Covered Entities were expected to comply with the Privacy Rule by April 14, 2003.
The health industry is currently preparing for implementation of the Security Rule. According to the official final rule, "Covered entities, with the exception of small health plans, must comply with the requirements of this final rule by April 21, 2005. Small health plans must comply with the requirements of this final rule by April 21, 2006."
The deadline for compliance with the Security Rule is therefore fast approaching. By April of 2005, most Covered Entities (CE) will be required to comply with it. However, a recent study, "US Healthcare Industry Quarterly HIPAA Compliance Survey Results" (Phoenix Health System / HIMSS, Summer 2004), showed that as of January 2004, over 50% of CE responded that they will not be compliant until 2005.
The white paper lists the areas in which Evidian IAM software can help a Covered Entity (CE) comply with the security requirements of the Code of Federal Regulations (CFR) for protecting its Protected Health Information (PHI). Most of these requirements are set forth in Section 45 Part 164.