Learn more about the hipaa security rules in this brief overview.

The HITECH Act and The HIPAA Security Final Rule

The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, significantly modified and strengthened many aspects of the HIPAA Security Rule, including the penalties that the U.S. Department of Health and Human Services (HHS) could impose for violations of the HIPAA rules. Primarily due to decentralized oversight and enforcement, the original version of the HIPAA Security Rule was essentially ignored since its inception. However, all of that has changed as a result of the updates included in ARRA and more specifically HITECH. Oversight has been consolidated under HHS and the Office of Civil Rights, and penalties are now collected and utilized by a single agency HHS. If you are a “Business Associate” or “Covered Entity” it’s time to get serious, the deadline to be fully compliant with these final HIPAA rules has now passed! Benefit from our expertise by reviewing some of the HIPAA guidelines on our [intlink id=”152″ type=”page”]HIPAA Resources[/intlink] page. Then, jump-start your HIPAA Security Rule compliance efforts with our HIPAA Security Assessment Toolkit.

HIPAA Security Regulations

As a reminder, the Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards — transactions and code sets, privacy, and security. The goals of these regulations are to:

  • Simplify the administration of health insurance claims and lower costs
  • Give individuals more control over and access to their medical information
  • Protect individually identifiable medical information from threats of loss or disclosure

The HIPAA Security Final Rule, the last of the three HIPAA Rules, was published in the February 20, 2003 Federal Register with an effective date of April 21, 2003. Most Covered Entities (CEs) had two full years — until April 21, 2005 — to comply with these standards. The reality is, most covered entities, especially providers, did not comply by that date and are still not HIPAA compliant today.

Purchase and download our HIPAA Security Assessment Toolkit™ now to immediately find out where you stand with respect to  HIPAA Security Rule compliance.

In general, the HIPAA Security Rule protects electronic patient health information (EPHI) whether it is stored in a computer or printed from a computer. The Security Rule is comprehensive including 18 regulation standards defining with what safeguards those covered by the Rule must implement and 35 specifications that describe how those standards must be implemented. The documentation requirements for the Security Rule are daunting to say the least. In fact, there are two standards in the Rule covering policies and procedures and documentation.In some cases, no guidance is provided for how the standards must be implemented. That´s where we come in!  Our HIPAA Security Assessment Toolkit™ is designed to help you understand and strengthen your compliance.

Most experts originally agreed that the HIPAA Security Rule requirements were much more extensive than the HIPAA Privacy Rule! To make matters worse, most healthcare companies and medical practices covered by the Rule continue to have limited staff resources to implement an initiative to comply with the Security Rule. And available information security consulting expertise in many communities has been and remains limited and expensive. The combination of all of these forces has produced a very clear result: very poor information security in the healthcare industry.


Enter the HITECH Act which many describe as both a “game-changer” and “ground-breaking”. Many industry analysts accurately observe that the healthcare industry is woefully unprepared for major changes in fifteen (15) key areas. Without a doubt, HITECH is the largest and most consequential expansion and change to the federal privacy and security rules ever. The fifteen (15) change areas comprise new federal privacy and security provisions that will have major financial, operational and legal consequences for all hospitals, medical practices, health plans, and now their “business associates.” Additionally, some vendors and service providers that were not previously considered “business associates” now are with the introduction of The HITECH Act.

Data Mountain provides the best online data backup, archiving, recovery and protection services in the world that help Covered Entities and Business Associates meet the stringent data protection requirements of both the HIPAA Security Rule and The HITECH Act.

Learn more about hipaa security rules and regulations at our HIPAA Security Blog.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.