Standards for Security and Electronic Signatures

Security and Electronic Signature Standards

HHS SUMMARY: This rule proposes standards for the security of individual health information and electronic signature use by health plans, health care clearinghouses, and health care providers. The health plans, health care clearinghouses, and health care providers would use the security standards to develop and maintain the security of all electronic individual health information. The electronic signature standard is applicable only with respect to use with the specific transactions defined in the Health Insurance Portability and Accountability Act of 1996, and when it has been determined that an electronic signature must be used.

The use of these standards would improve the Medicare and Medicaid programs, and other Federal health programs and private health programs, and the effectiveness and efficiency of the health care industry in general. This rule would implement some of the requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.

Full Document (PDF format)

Download Adobe Acrobat Reader

• Summary and Introduction
• Background
• Provisions of this Proposed Rule
• Definitions
• Effective Dates--General
• Security Standard--General
• Administrative Procedures
• Physical Safeguards to Guard Data Integrity, Confidentiality, and Availability
• Technical Security Services to Guard Data Integrity, Confidentiality, and Availability
• Technical Security Mechanisms to Guard Against Unauthorized Access to Data that is Transmitted over a Communications Network
• Electronic Signature Standard
• Impact Analysis
• Collection of Information Requirements
• Regulation Text
• Addendum 1: HIPAA SECURITY MATRIX
• Addendum 2: HIPAA SECURITY AND ELECTRONIC SIGNATURE STANDARDS GLOSSARY OF TERMS
• Addendum 3: HIPAA SECURITY MATRIX-mapping