HIPAA-compliant configuration guidelines for Information Security in a Medical Center environment

The Health Insurance Accountability and Portability Act of 1996 (HIPAA) was passed by Congress and signed into law by President Bill Clinton. This Act mandates that health care providers and other covered entities implement comprehensive privacy of protected health information of patients. HIPAA regulations cover three important areas: information privacy, information security, and standardization of transaction code sets. It should be noted that the rules for the HIPAA Security standards were proposed in August, 1998. As of the date of this writing, the final Security rules had not been published in the Federal Register, which is the last step to making them law. The final HIPAA security regulations will become effective two years after the date of their publication in the Federal Register, so the final compliance date has not been set.