Department of Health and Human Services

Office of the Secretary

45 CFR Parts 160, 162, and 164

Health Insurance Reform: Security Standards; Final Rule

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Parts 160, 162, and 164

[CMS–0049–F]

RIN 0938–AI57

Health Insurance Reform: Security Standards

AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION: Final rule.

SUMMARY: This final rule adopts standards for the security of electronic protected health information to be implemented by health plans, health care clearinghouses, and certain health care providers. The use of the security standards will improve the Medicare and Medicaid programs, and other Federal health programs and private health programs, and the effectiveness and efficiency of the health care industry in general by establishing a level of protection for certain electronic health information. This final rule implements some of the requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

DATES: Effective Date: These regulations are effective on April 21, 2003.

Compliance Date: Covered entities, with the exception of small health plans, must comply with the requirements of this final rule by April 21, 2005. Small health plans must comply with the ...