Federal Government Finally Issues HIPAA Compliance Rules
They aren't perfect; they're nine years late. But the new guidelines will still be helpful.
April 22, 2005
The document does provide some excellent guidance. It includes, for instance, tables showing activity categories, their descriptions and a series of "getting started" questions. And listings that differentiate mandatory provisions from recommended activities will help enterprises prioritize the process. The publication also offers examples of acceptable ways to meet HIPAA requirements--the kind of information for which consultants charge big bucks.
But the document has some limitations. It's specifically aimed at organizations that must comply with both HIPAA and Federal Information Processing Standards (FIPS). And it's designed mainly as an introduction to HIPAA compliance, not a complete treatment of the subject. With these two caveats, however, the guidelines could still be a major help to any organization working on HIPAA compliance. For example, the document includes table entries to help enterprises judge whether they have met specific parameters of compliance. These may be useful benchmarks, if only to reassure companies they've spent their resources wisely.
And because it spells out links between physical security, information security and data assurance, the report goes beyond HIPAA to provide solid security guidelines.
The publication would have been worth its weight in gold nine years ago. But if your organization could use some guidance today on HIPAA compliance--and whose couldn't?--you've got some new required reading.