Security & Privacy


The S&P Workgroup has overall, general and ongoing responsibility to identify and work towards resolution on all implementation issues related to securing, and protecting health information across the industry. It follows the HIPAA Security, Breach and Privacy and related regulations, such as GINA.

The workgroup’s goal is to facilitate the implementation of HIPAA HITECH Privacy, Breach and Security requirements across many variations of covered entities, business associates and interested parties across the health care industry, as well as  facilitate the review of Privacy, Breach and Security beyond HIPAA/HITECH in the growing areas of EHR, HIEs, HIX’s and interoperability.

Work Products

Beyond Breaches and Business Associates: An Overview of Changes to HIPAA under ARRA/HITECH White Paper, Final Version

by Eric Mosel | May 01, 2010
This White Paper focuses primarily on changes and additions to the HIPAA regulations resulting from ARRA Title XIII Subtitle D , also known as the HITECH Act privacy provisions. The changes required by the HITECH Act clearly impact the HIPAA privacy and security regulations and organizations' related policies and procedures. However, there are also other newly effective or enforceable Federal regulations such as GINA and the Red Flags Rule, which will also impact the same HIPAA-related policies and procedures.

The HITECH Act privacy provisions encompass several areas and include several notable new definitions in Section 13400 including Breach, Electronic Health Record (managed by providers), and Personal Health Record (managed by the individual).

Conference Calls

3rd Thursday of each month
1:00 - 2:00PM ET
Click here for dial in information