The Health Insurance Portability and Accountability Act

HIPAA REGULATIONS: SECURITY RULE

The proposed security rule published in August 1998 requires every covered healthcare organization to have an information security program in place. It is expected that most of the proposed standards will be implemented in the final rule once it is published. Publication of the final rule is expected by September 2002. It is also expected that the final rule may contain increased audit requirements as well as clarification of how paper and oral communications will be affected by the security standards, and that electronic signatures will be covered separately in their own Notice of Proposed Rule Making (NPRM).

The proposed security standard addresses how data is stored and accessed. It provides the means for safeguarding data integrity, confidentiality and availability through a documented formal information security process that includes:

  • Administrative Policies and Procedures
  • Physical Safeguards
  • Technical Security Services
  • Technical Security Mechanisms

ADMINISTRATIVE POLICIES AND PROCEDURES

This section of the regulations establishes a management structure that identifies roles and responsibilities for security oversight and operational aspects of data management. This formalized plan demonstrates the organization's commitment to safeguard protected health information (PHI). The plan has established security goals that facilitate prevention, detection, containment and correction of security breaches. All covered entities must document the execution of the compliance plan, including regular reports to senior management about the program and education on how security values, policy and processes are effectively communicated to employees.

PHYSICAL SAFEGUARDS

All covered entities will be required to ensure the physical safety of PHI as well as the hardware used to store and transmit it. These measures include physical access and media controls, secure workstation locations and detailed policies and guidelines on workstation use. These guidelines will include measures such as supervision of contractors in secure areas, maintaining an audit trail of all access and establishing appropriate controls when sending equipment off site. All employees should be trained in appropriate physical safeguard and security practices.

TECHNICAL SECURITY SERVICES

Technical security services protect, control and monitor access to information. These include the authentication of data and entities involved in transaction processing as well as establishing and maintaining audit controls.

TECHNICAL SECURITY MECHANISMS

The prevention of unauthorized access to electronically transmitted data is provided by technical security mechanisms. These establish procedures regarding communications and network controls for data in transit that include integrity controls, alarms and adverse event reporting.

Further information

To discuss your particular requirements, or for further information on Equivus products and services, please feel welcome to call us on 866.378.4887. Alternatively please email info@Equivus.com.

 


© 2000 EQUIVUS, Inc. All Rights Reserved