After years of delay, the final HIPAA Security Rule is here. Compliance will require CEs to (1) fully understand the threats to and vulnerabilities of their EPHI and (2) implement a wide variety of security best practices. In the past few years , customers and business partners have increasingly expected health care organizations to appropriately protect EPHI; the Security Rule makes it a federal law to do so.
Complying with the Security Rule can require significant time and resources. This is the time to gain an understanding of the rule and to take initial steps toward compliance.