Physicians, hospitals, insurance companies and other health professionals on Thursday will be required to be in compliance with the Health Insurance Portability and Accountability Act security rule, which took effect April 1, the... Wall Street Journal reports. The new rule applies to the electronic, administrative and physical security of health information and establishes 13 standards with which health care providers must comply. It requires health groups to have on staff a chief information security officer, perform an analysis of security risks, take safeguards to address security vulnerabilities and train employees on compliance. Violators of the rule are subject to a $250,000 penalty and 10 years in prison. Karen Trudel, HHS deputy director of HIPAA standards, also noted that a provider who is not in compliance risks a security breach and a "badly tarnished reputation," the Journal reports. However, HHS officials have not yet "aggressively" monitored for lapses, an indication that "the regulations give the providers and insurers some latitude on how to comply," the Journal reports. In fact, the rule states that it is "impossible to dictate a specific solution" for all care providers. The rule is the third installment in a series of HIPAA rules; previous rules have aimed to standardize the format for submitting and processing medical claims and limit access to an individual's medical records. The HIPAA rules also have made it easier for patients to obtain their own records and request changes if they perceive an error. According to the Journal, the cost of complying with the regulations is "substantial." The American Hospital Association estimates that hospitals will spend $22 billion over five years to comply with the HIPAA privacy regulation. Surveys have indicated that many providers are not in compliance with HIPAA standards (Conkey, Wall Street Journal, 4/21).

"Reprinted with permission from kaisernetwork kaisernetwork. You can view the entire Kaiser Daily Health Policy Report, search the archives, or sign up for email delivery at kaisernetwork/dailyreports/healthpolicy. The Kaiser Daily Health Policy Report is published for kaisernetwork, a free service of The Henry J. Kaiser Family Foundation . © 2005 Advisory Board Company and Kaiser Family Foundation. All rights reserved.