Today's the day! The new rule sets administrative, physical and technical safeguards for electronic protected health information, that is, individually identifiable patient health data held or transmitted in electronic form.

The Security Rule requires covered health organizations to designate a security official responsible for its policies and procedures, perform a risk analysis, implement safeguards that address the vulnerabilities found and train their workforce on compliance. Violators are subject to penalties of up to $250,000 and 10 years in prison.

The American Hospital Association reports that the cost of complying with what are in reality basic security requirements will be $22 billion over five years.  I had no idea that data security was so deficient in hospitals that they'd need to spend $22 BILLION.

You can read about the specifics of how to comply with the 13 standards here.  And you can see how many hospitals and physicians were estimated to meet the deadline here. More on physician compliance here.