When Congress created the groundbreaking HIPAA legislation in 1996, it included compliance with a specific set of requirements related to the privacy of protected health information (PHI), but charged the health care industry itself with determining the operational standards necessary to evaluate compliance. As one of the industry's leading accreditation bodies, URAC became a focal point for the creation of an operational framework through which health care organizations could implement and validate their HIPAA Privacy compliance programs.

"URAC Board approval of the HIPAA Privacy standards marks the final step in developing a much needed accreditation system verifying that an organization has put in place the necessary infrastructure and implemented the necessary processes to comply with the HIPAA Privacy Rule," said Garry Carneal, URAC president and CEO. "I would like to personally thank all of the applicants in our beta group for helping us reach this moment."

Members of a "beta" group supply feedback to URAC as they test accreditation standards and processes to ensure that they are appropriate and effective. The beta group of in-process applicants for HIPAA Privacy accreditation is composed of 20 companies operating in more than 60 different sites across the nation. They are:

"The breadth of the beta group of applicants for HIPAA Privacy Accreditation is quite impressive," said Lisa Gallagher, senior vice president of URAC's Information and Technology Accreditation Department. "We designed the program with the ability to serve organizations of virtually any size and with the flexibility to meet the exact and differing needs of both Covered Entities and Business Associates. Receiving feedback from such a large number of beta applicants has enabled URAC to successfully test and validate this program."

Running on a parallel course to the HIPAA Privacy standards, URAC has also initiated the beta test phase for the HIPAA Security standards - based on the recent publication and release of the final Security Rule from HHS - and is actively seeking Covered Entities, Business Associates and others interested in joining the beta group for Security Accreditation. The HIPAA Security standards will be finalized at the end of April.

URAC HIPAA Privacy Accreditation is awarded for a two year period, at the end of which an accredited organization must submit a reaccreditation application for URAC's review before accreditation is granted for additional two year periods. For more information contact Eamon Bobowski of URAC's Information and Technology Accreditation Department at (202) 216-9010 x8835 or by sending e-mail to ita@urac.org.