ABSTRACT

From a high-level perspective, Security Rule compliance requires determining where your organization stands compared to the Health Insurance Portability and Accountability Act (HIPAA) requirements, what protected health information (PHI) risks are present, what information security controls can be put in place to reduce those risks, and how you will go about implementing those controls. To reduce the overall burden of Security Rule compliance, the Department of Health and Human Services made the Security Rule and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act and Omnibus Rule requirements as scalable and flexible as possible. This means that you can tailor your implementation plan based on your specific circumstances. According to the Security Rule documentation, it is “focused more on what needs to be done and less on how it should be accomplished.” This will allow small CEs to reasonably comply without breaking the bank, and larger CEs to integrate the specific requirements into their current systems.