View Rule
HHS/CMS | RIN: 0938-AI57 | Publication ID: Spring 2002 |
Title: Security Standards (CMS-0049-F) | |
Abstract: This final rule is being jointly developed by CMS and the Department of Commerce. This final rule adopts standards for the security of certain electronic identifiable health information of health plans, health care clearinghouses, and certain health care providers. It implements administrative simplification initiatives that have a national scope beyond the Medicare and Medicaid programs. | |
Agency: Department of Health and Human Services (HHS) | Priority: Economically Significant |
RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
Major: Yes | Unfunded Mandates: No |
CFR Citation: 45 CFR 162 | |
Legal Authority: PL 104-191 42 USC 1320d-2(d) |
Legal Deadline:
Statement of Need: The Health Insurance Portability and Accountability Act of 1996 requires the Secretary of Health and Human Services to adopt security standards that require reasonable and appropriate administrative, technical and physical safeguards to: 1) ensure the integrity and confidentiality of health information; 2) protect against any reasonably anticipated threats or hazards to the security or integrity of the information; and 3) protect against unauthorized uses or disclosures of the information. This rule stipulates the requirements necessary to comply with the law. |
Summary of the Legal Basis: The Administrative Simplification provisions of HIPAA require the Secretary to establish standards for the security of health information used by health plans, health care clearinghouses, and certain health care providers. |
Alternatives: In the absence of Federal regulations, the security of health care information in electronic form would be left to the private sector to develop. It is believed that this course of action would result in an extremely uneven level of protection (ranging from none to excessive) for electronic health information pertaining to individuals and make it difficult, if not impossible, to provide for privacy of this information. |
Anticipated Costs and Benefits: As the effect of any one of the HIPAA standards is affected by the implementation of other standards, it is misleading to discuss the impact of one standard by itself. Therefore, an Impact Analysis on the total effect of all the standards was published in the proposed rule concerning the national provider identifier (HCFA-0045-P) which was published on May 7, 1998 (63 FR 25320). Security protection for health care information is not a "stand alone" type requirement. Appropriate security protections will be a business enabler, encouraging the growth and use of electronic data interchange. The synergistic effect of the employment of the recommended security practices, procedures and technologies will enhance all aspects of HIPAA's Administrative Simplification requirements. |
Risks: The storage, handling and transmission of health information has long been a paper process. However, the transition from paper to electronic media has begun and is increasing at a rapid pace. This transition has brought on a significantly increased risk to the security and confidentiality of health information, particularly for information pertaining to individuals. This rule formally establishes a baseline set of requirements for security that must be adopted by health care providers, health plans and health care clearinghouses. Compliance with these requirements will greatly decrease risk to the security, integrity and confidentiality of health information. |
Timetable:
Regulatory Flexibility Analysis Required: Yes | Government Levels Affected: Federal, Local, State, Tribal |
Small Entities Affected: Businesses | Federalism: Undetermined |
Included in the Regulatory Plan: Yes | |
Agency Contact: Barbara Clark, Office of Information Services, Department of Health and Human Services, Centers for Medicare & Medicaid Services, N2-14-10, 7500 Security Boulevard, Baltimore, MD 21244-1850. Phone: 410 786-3017 |