Impact of HIPAA Security Rules on Healthcare Organizations

HIPAA, the Healthcare Information Portability and Availability Act of 1996, became law on August 21, 1996 and with it, came the promise of sweeping changes to the management and operation of security for healthcare organizations and the data they possess. The primary focus of HIPAA was to mandate that healthcare information become 'portable' and 'available' by legislating the use of uniform electronic transactions and other administrative measures. In forcing the healthcare industry to adopt uniform electronic transaction standards for Healthcare information it was also necessary to protect that same information by including rules for how the information would be secured and safeguarded. The HIPAA regulations contain a section called Administrative Simplification (Title II Subtitle F) that articulates the Security rules (along with the Transaction and Privacy rules) for healthcare organizations that transmit or posses protected health information. This paper focuses on the impact of the Security rules.