Security Requirements

May 16, 2002 Advisory

Security Requirements

Understand the Proposed Requirements and Address Them Where Appropriate in Privacy Implementation

The HIPAA security regulations are still in proposed form, as originally published on August 12, 1998. (Available at These proposed regulations outline general HIPAA-required security measures, including administrative, physical and technical safeguards. It is generally believed that the final security regulations will be similar to the proposed regulations. Once finalized, there will be a two-year period in which to comply with these security requirements.

All organizations working on HIPAA privacy implementation should be familiar with the security requirements. For efficiency in implementation, procedures identifying information flow for privacy implementation should be designed to identify issues relating to security as well. Organizations contemplating the purchase of new computer systems or software should also be sensitive to these proposed requirements.

Wiggin & Dana HIPAA Services

Wiggin & Dana is presently working with a wide variety of organizations covered under HIPAA, as well as groups of organizations working on collaborative HIPAA implementation projects. We have structured our services to be flexible enough to provide as little or as much help as any one client may need. For example, we can help oversee an organization's entire compliance effort; we can develop or review necessary forms, models, policies and procedures; and/or we can provide support through trouble-shooting specific issues or problems. Pricing structures are also flexible. For a "menu" of our available HIPAA services, please see our HIPAA web page or contact a member of our HIPAA team.