HIPAA Security Rule Resources

The Security Rule (and then some)

Are you responsible in whole or in part for taking care of HIPAA Security Rule compliance in your organization? Have you actually read the Security Rule? If not, it's the perfect place to start. You'll find all of these rules in this Combined Regulation Text from HHS:

  • Transactions and Code Set Standards
  • Identifier Standards
  • Privacy Rule
  • Security Rule (Located at 45 CFR Part 160 and Subparts A and C of Part 164)
  • Enforcement Rule
  • Breach Notification Rule

Combined Regulation Text (updated, March 2013) - Download

HHS's HIPAA Security Series

The HIPAA Security Series provides guidance and insight into the Security Rule. It addresses every Standard (22 of them) and Implementation Specification (42 of them) by explaining the essence of each requirement, the thought process behind it, and some possible ways to address it. These papers are relatively easy to read and do a good job of putting the government-speak into everyday language.

Security Series #1 - Security 101 - Download
Security Series #2 - Administrative Safeguards - Download
Security Series #3 - Physical Safeguards - Download
Security Series #4 - Technical Safeguards - Download
Security Series #5 - Organizational, Policies & Procedures, and Documentation Standards - Download
Security Series #6 - Basics of Risk Analysis and Risk Management - Download
Security Series #7 - Implementation for the Small Provider - Download

A1 - Guidance on Risk Analysis Requirements under the HIPAA Security Rule - Download
A2 - Guidance on Remote Use of ePHI - Download

NIST Documents

NIST is the National Institute of Standards and Technology. Its Computer Security Division has published several very helpful papers to guide readers through some of the more difficult concepts you'll run into when complying with the Security Rule. These are more in-depth than the Security Series (above), and they drill into several of the main elements of compliance.

800-66 - An Introductory Resource Guide for Implementing the HIPAA Security Rule - Download
800-30 - Guide for Conducting Risk Assessments - Download
800-118 - Guide to Enterprise Password Management - Download
All NIST 800 Documents
