ATG HIPAA Security Rule Alerts
Alert #1
The Compliance Date is April 21, 2005 for most Covered Entities

Karen Trudel, acting director of HIPAA standards for the Centers for Medicare and Medicaid Services, told the Wall Street Journal that she hasn't seen evidence that health care organizations can't achieve compliance with the security rule. But, she added, "This is a really good time for people to start thinking about HIPAA security if they haven't already ... A year really isn't a long time."

With 18 standards and 35 specifications, many health care organizations still have a long way to go to implement an information security program that meets baseline regulations and business requirements.
THE LAW
164.318 Compliance dates for the initial implementation of the security standards.
(a) Health plan.
(1) A health plan that is not a small health plan must comply with the applicable requirements of this subpart no later than April 20, 2005.
(2) A small health plan must comply with the applicable requirements of this subpart no later than April 20, 2006.
(b) Health care clearinghouse. A health care clearinghouse must comply with the applicable requirements of this subpart no later than April 20, 2005.
(c) Health care provider. A covered health care provider must comply with the applicable requirements of this subpart no later than April 20, 2005.
Back to ATG HIPAA Security Alerts