URAC Board Approves HIPAA Security Accreditation Standards; URAC is HIPAA Accreditation Leader with 10 Companies In-Process for Security

PR Newswire (May 6, 2003) -- URAC announced today that its Board of Directors has approved the nation's first and only independent HIPAA Security Accreditation program for Covered Entities and Business Associates, and that 10 companies operating in more than 20 different sites across the nation are currently in the process of seeking accreditation.

With a strong emphasis on the fundamentals of ongoing risk management, URAC's HIPAA Security Accreditation program enables health care organizations to validate their security compliance program and demonstrate to their customers and business partners that they have taken the necessary steps to safeguard Protected Health Information (PHI) in accordance with the HIPAA Security Rule.

"The commitment to security shown by this early group of applicants sets an excellent example for Covered Entities and Business Associates alike," said Garry Carneal, URAC president and CEO. "We appreciate the participation of our beta applicants, who have provided us with the feedback and experience necessary to bring the HIPAA Security Accreditation program to fruition."

Members of the "beta" group for HIPAA Security Accreditation include:

• American Specialty Health, Inc., and its affiliates including:

-- American Specialty Health Plans of California
-- American Specialty Health Networks
-- American Specialty Health Insurance Company
-- Healthyroads

• Health Ink & Vitality Communications
• Imogen Systems
• MedRisk, Inc.
• National Imaging Associates, Inc.
• Wausau Benefits

"As the only health care accreditation body with HIPAA Privacy and Security programs for Covered Entities and Business Associates, URAC has clearly established itself as the industry leader in HIPAA accreditation," said Lisa Gallagher, URAC's senior vice president of Information and Technology Accreditation. "URAC is committed to supporting organizations in their HIPAA Security compliance, and we will continue to deliver accreditation and certification programs supporting information technology use in the health care industry."

URAC's Information & Technology Accreditation Department was launched in January 2003 with a mandate to create innovative new programs that meet the growing need of health care organizations to address their changing use of information technology. To support this goal, URAC has added to its in-house staff of health care, security and technology experts and engaged the industry in a wide variety of ways, including the joint URAC/NIST Security Workgroup, the upcoming Search Engine Summit, the creation of two new accreditation programs and plans for additional initiatives in 2003 and 2004. With Board approval of the HIPAA Security Standards, the department now holds stewardship of three fully operational information and technology accreditation programs: Health Web Site, HIPAA Privacy and HIPAA Security.

URAC HIPAA Security Accreditation is awarded for a two year period, at the end of which an accredited organization must submit a reaccreditation application for URAC's review before accreditation is granted for additional two-year periods. For more information contact Eamon Bobowski of URAC's Information and Technology Accreditation Department at 202-962-8835 or by sending e-mail to ita@urac.org.