Rhode Island DHS
Home DHS Home Page->HIPAA->HIPAA Security Final Rule
Site Map

Search


HIPAA Security Final Rule

Two HIPAA final regulations, those for Security Standards, and for Modifications to the Transactions Standards, went on display today at the Office of  The Federal Register . They will be published in the February 20, 2003 edition of the Federal Register.

Copies of the rules can be viewed at Centers for Medicare & Medicaid Services Website

These are the versions that were sent to the Office of the Federal Register. The Federal Register versions will be made available, via links, from this website.

Under the security standards announced today, health insurers, certain health care providers and health care clearinghouses must establish procedures and mechanisms to protect the confidentiality, integrity and availability of electronic protected health information. The rule requires covered entities to implement administrative, physical and technical safeguards to protect electronic protected health information in their care.

The security standards work in concert with the final privacy standards adopted by HHS last year and scheduled to take effect for most covered entities on April 14, 2003. The two sets of standards use many of the same terms and definitions in order to make it easier for covered entities to comply.

Covered entities (except small health plans) must comply with the security standards by April 21, 2005. Small heath plans will have an additional year to comply.

The final transaction modifications rule, which will also be published in the Federal Register on Feb. 20, 2003 combines two proposed rules published May 31, 2002. HHS worked extensively with the Designated Standards Maintenance Organizations (DSMOs) to revise the proposed changes to the standards, as required by Congress as part of HIPAA.

Major provisions of the final rule include:

  • Repealing the National Drug Code (NDC) as the standard medical data code set for reporting drugs and biologics in all non-retail pharmacy transactions.
  • Adopting a proposed Addenda to the implementation guides with some technical revisions based upon comments received and consultation with the DSMOs.

For retail pharmacy transactions:

  • Adopting the National Council for Prescription Drug Programs (NCPDP) Batch Version 1.1 to support the Telecommunications Version 5.1
  • Adopting the Accredited Standards Committee (ACS)  X12N 835 as the standard for payment and remittance advise and the NCPDP Telecommunications Version 5.1 and NCPDP Batch Version 1.1. Implementation Guides as the standard for the referral certification and authorization transaction.
  • Continuing the use of NDC code set for the reporting of drugs and biologics.

The rule also adopts modified standards for two transactions that were not included in the proposed rules  -- premium payments, and coordination of benefits. The modifications were approved by the DMSOs and merely provide explanatory guidance.