HIPAA Security Standards

Status

The final Security Rule, published February 20, 2003, adopts standards for the security of electronic protected health information to be implemented by health plans, health care clearinghouses, and certain health care providers. The compliance date for most covered entities will be April 21, 2005 (April 21, 2006 for small health plans).

The proposed electronic signatures component of the rule has been delayed until a later date.

Background

The confidentiality of health information is threatened not only by the risk of improper access to stored information, but also by the risk of interception during electronic transmission of the information. Currently, no standard measures exist in the health care industry that address all aspects of the security of electronic health information while it is being stored or during the exchange of that information between entities.

Purpose

The purpose of the final Security Rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information, and to require that measures be taken to secure this information while in the custody of entities covered by HIPAA (covered entities) as well as in transit between covered entities and from covered entities to others.

  • Ensures integrity, confidentiality and availability of electronic protected health information
  • Protects against reasonably anticipated threats or hazards, and improper use or disclosure

Scope

  • Includes all electronic protected health information (EPHI)
  • Includes protected health information that is transmitted or maintained electronically
  • Applies to all covered entities

General Concepts

  • Flexible, Scalable - Permits standards to be interpreted and implemented appropriately from the smallest provider to the largest plan
  • Comprehensive - Covers all aspects of security, behavioral as well as technical
  • Technology Neutral - Allows the utilization of future technological advances

Standards

The standards are general requirements and include:

  • Eighteen administrative, physical and technical standards
  • Four organizational standards - Hybrid entities, affiliated entities, business associate contracts, group health plan requirements
  • Two overarching standards - Policies and procedures; and documentation requirements