Page:United States Statutes at Large Volume 110 Part 3.djvu/296

110 STAT. 2026 PUBLIC LAW 104-191—AUG. 21, 1996

"(ii) the costs of security measures;

"(iii) the need for training persons who have access to health information;

"(iv) the value of audit trails in computerized record systems; and

"(v) the needs and capabilities of small health care providers and rural health care providers (as such providers are defined by the Secretary); and

"(B) ensure that a health care clearinghouse, if it is part of a larger organization, has policies and security procedures which isolate the activities of the health care clearinghouse with respect to processing information in a manner that prevents unauthorized access to such information by such larger organization.

"(2) SAFEGUARDS.—Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards—

"(A) to ensure the integrity and confidentiality of the information;

"(B) to protect against any reasonably anticipated—

"(i) threats or hazards to the security or integrity of the information; and

"(ii) unauthorized uses or disclosures of the information; and

"(C) otherwise to ensure compliance with this part by the officers and employees of such person.

"(e) ELECTRONIC SIGNATURE.—

"(1) STANDARDS.—The Secretary, in coordination with the Secretary of Commerce, shall adopt standards specifying procedures for the electronic transmission and authentication of signatures with respect to the transactions referred to in subsection (a)(1).

"(2) EFFECT OF COMPLIANCE.—Compliance with the standards adopted under paragraph (1) shall be deemed to satisfy Federal and State statutory requirements for written signatures with respect to the transactions referred to in subsection (a)(1).

"(f) TRANSFER OF INFORMATION AMONG HEALTH PLANS.—The Secretary shall adopt standards for transferring among health plans appropriate standard data elements needed for the coordination of benefits, the sequential processing of claims, and other data elements for individuals who have more than one health plan.

"TIMETABLES FOR ADOPTION OF STANDARDS

42 USC 1320d-3.

"SEC. 1174. (a) INITIAL STANDARDS.—The Secretary shall carry out section 1173 not later than 18 months after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, except that standards relating to claims attachments shall be adopted not later than 30 months after such date.

"(b) ADDITIONS AND MODIFICATIONS TO STANDARDS.—

"(1) IN GENERAL.—Except as provided in paragraph (2), the Secretary shall review the standards adopted under section 1173, and shall adopt modifications to the standards (including additions to the standards), as determined appropriate, but not more frequently than once every 12 months. Any addition or modification to a standard shall be completed in a manner which minimizes the disruption and cost of compliance.