Question 1 : How will we know if our organization and our systems are compliant with the HIPAA Security Rule's requirements?

Question 2 : In the final Security Standards Rule published in the Federal Register on February 20, 2003, what is the difference between addressable and required specifications?

Question 3 : What is the purpose of the HIPAA Security Standards rule and why were security standards needed as published in the Federal Register on February 20, 2003?

Question 4 : What does the HIPAA Security Rule require a covered entity to do to comply with the Security Incidents Procedures standard?


Question 5 : Who will enforce the HIPAA standards?

Question 6 : What will the HIPAA enforcement process look like?

Question 7 : What is the difference between Risk Analysis and Risk Management in the HIPAA Security Rule?

Question 8 : Are small providers exempt from HIPAA?

Question 9 : What is the purpose of the National Provider Identifier (NPI)? Who must use it, and when?

Question 10 : How could a small provider implement the security standards as published in the Federal Register on February 20, 2003?

Question 11 : Is mandatory encryption in the HIPAA Security Rule?

Question 12 : What does the HIPAA Security Rule require a covered entity to do to comply with the Security Incidents Procedures standard?

Question 13 : What are some examples of threats that covered entities should address when conducting their risk analysis in order to comply with the Security Rule?

Question 14 : Are we required to "certify" our organization's compliance with the security standards?