CMS Issues New Security Rule Advice
Health Data Management (August 18, 2005)

The Centers for Medicare and Medicaid Services has released the sixth of seven educational papers on the HIPAA security rule. The latest offering covers risk analysis and management.

The paper reviews pertinent security rule implementation specifications and the basic concepts of risk analysis and management, and general steps to conduct assessments.

Previous educational papers covered an overview of the rule; physical, administrative and technical safeguards; and policies, procedures and documentation requirements. The papers--most of which were released shortly before or after the April 20 compliance deadline--are designed to explain specific requirements of the rule from those who will enforce it, the thought process behind the requirements, and possible ways to address the provisions.

The six educational papers released to date are available at http://cms.hhs.gov/hipaa/hipaa2.

The final paper in the series will address security rule implementation for small provider organizations.

Posted to HIPAAcomply 8/18/05