Most Recent A new Model Business Associate Agreement has been posted. This agreement includes provisions required by the new HIPAA Security Rule. Subscribers can find the agreement in the Tools section of the guide.

The final HIPAA Security Rule was published in February, 2003, and became effective on April 20, 2003. The compliance deadline for most covered entities is April 21, 2005. The rule gives covered entities considerable latitude in developing “reasonable and appropriate” security programs. The price of that flexibility is that there is no “cookie cutter” approach to compliance. Covered entities must evaluate risks to the confidentiality, integrity and availability of electronic protected health information in their operating environment, then implement “reasonable and appropriate” administrative, physical, and technical safeguards to mitigate risk.

Chapter 9 of this guide has been completely rewritten to explain the requirements of the final Security Rule. An updated Business Associate Agreement, including provisions required by the Security Rule has also been posted.

If you would like to read the final Security Rule, please go to: www.cms.hhs.gov/hipaa/hipaa2/default.asp

If you have questions about the new rule, or need additional information, do not hesitate to conduct us at 877-721-2020, or at info@hipaacomplianceguide.com.

Thank you for your support of our work.

Paul Litwak