Helpful HIPAA Security Rule Resources

We're bringing together in one place all the resources you'll need to get started and stay on top of your Security Rule compliance. Don't see something you need? Drop us a line to let us know what you're looking for and we'll be happy to round it up for you. Gratis! It's all about removing the mystery so you can succeed.

The Security Rule (and then some)

Are you responsible in whole or in part for taking care of HIPAA Security Rule compliance in your organization? Have you actually read the Security Rule? If not, it's the perfect place to start. You have? It never hurts to read it again. Here it is, on us. Actually, you'll find all of these rules in this Combined Regulation Text from HHS:

  • Transactions and Code Set Standards
  • Identifier Standards
  • Privacy Rule
  • Security Rule (Located at 45 CFR Part 160 and Subparts A and C of Part 164)
  • Enforcement Rule
  • Breach Notification Rule

Combined Regulation Text (updated, March 2013) -- Download
ONC's Guide to Privacy and Security of Electronic Health Information -- Download
 

HHS's HIPAA Security Series

The HIPAA Security Series provides guidance and insight into the Security Rule. It addresses every Standard (22 of them) and Implementation Specification (42 of them) by explaining the essence of each requirement, the thought process behind it, and some possible ways to address it. These papers are relatively easy to read and do a good job of putting the government-speak into everyday language.

Security Series #1 - Security 101 -- Download
Security Series #2 - Administrative Safeguards -- Download
Security Series #3 - Physical Safeguards -- Download
Security Series #4 - Technical Safeguards -- Download
Security Series #5 - Organizational, Policies & Procedures, and Documentation Standards -- Download
Security Series #6 - Basics of Risk Analysis and Risk Management -- Download
Security Series #7 - Implementation for the Small Provider -- Download

A1 - Guidance on Risk Analysis Requirements under the HIPAA Security Rule -- Download
A2 - Guidance on Remote Use of ePHI -- Download
 

NIST Documents

NIST is the National Institute of Standards and Technology. Their Computer Security Division has published several very helpful papers to guide readers through some of the more difficult concepts you'll run into when complying with the Security Rule. These are more in-depth than the Security Series (above) and they drill into several of the main elements of compliance.

800-66 - An Introductory Resource Guide for Implementing the HIPAA Security Rule -- Download
800-30 - Guide for Conducting Risk Assessments -- Download
800-118 - Guide to Enterprise Password Management -- Download