Today's the day! This new rule applies to electronic, administrative and physical security of patient-identifiable health data.
The security rule requires health groups to have on staff a chief information security officer, perform an analysis of security risks, take safeguards to address security vulnerabilities and train employees on compliance. Violators of the rule are subject to a $250,000 penalty and 10 years in prison.
The American Hospital Association reports that the cost of complying with what are in reality basic security requirements will be $22 billion over five years. I had no idea that data security was so deficient in hospitals that they'd need to spend $22 BILLION.