Under the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II), the Department of Health and Human Services (HHS) established national standards for the security of electronic health care information. The standards, also referred to as the final rule, specify a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.
The Centers for Medicare and Medicaid Services (CMS) has published a series of educational papers designed to give HIPAA covered entities insight into the Security Rule and assistance with implementation of the security standards. You may wish to review the full series as published on the CMS web site.
Also, an article written by Mike Fleischman, FAAHC, of Gates, Moore & Company entitled "Expect Increased Focus on HIPAA Security in 2008" (4-page Word file) provides security rule background information, components, and implementation perspective which may assist you in implementing or updating your practices. The AAFP previously collaborated with Gates, Moore & Company in offering the AAFP HIPAA and OSHA manuals.