HIPAA Security Launch Kit

May 18, 2004

Dear Health Care Executive:

At the American Hospital Association (AHA), we frequently hear from hospital executives about their concerns with the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). By April 2005, hospitals must achieve compliance in five areas: administrative safeguards, physical safeguards, technical safeguards, organizational safeguards, security policies, and procedures and documentation.

To help our member hospitals address these concerns, the AHA conducted comprehensive market assessments to find organizations capable of meeting the diverse needs of our members. The nature of the security rule required partners with an in depth understanding of health care, the specifics of the security rule, and how the two will intersect.

In May 2003, the American Hospital Association selected Ernst & Young LLP (Ernst & Young), a nationally recognized organization, as its strategic advisor for HIPAA security services. Additionally, the AHA exclusively endorsed Ernst &Young’s HIPAA Security Services, including risk analysis, gap assessment and all security implementation services.

Ernst & Young’s ability to provide guidance in a clear and thorough manner will help our members with their decisionmaking processes, sequencing of activities, and provide them with accurate investment breakdowns - all of which are necessary to address the HIPAA Security requirements.

To round out the security tools available for AHA members, the AHA has exclusively endorsed selected security solutions from Computer Associates International, Inc. (Computer Associates) - specifically its eTrust™ and BrightStor® lines. The AHA has selected Computer Associates because of its dedication to healthcare along with an experience base capable of helping hospitals understand the rule and implement appropriate solutions to address its requirements.

Computer Associates has software to meet a wide range of security needs - from single sign on to monitoring access controls and intrusion detection to managing complex and diverse storage environments.

To find out more about Ernst & Young’s HIPAA Security Program or Computer Associates’ HIPAA Security Software Program, please feel free to contact Nancy L. Scott by phone at 1-800-242-4677, ext. 2534, or by email at Information is also available at


Melinda Reid Hatton
Vice President and Chief Washington Counsel
American Hospital Association

Brian G. Lane
Assistant Vice President, Technology
AHA Financial Solutions, Inc

HIPAA Security Product Matrix



About AHA


Member Constituency Sections

Key Relationships

News Center

Performance Improvement

Advocacy Issues

Products & Services


Research & Trends


155 N. Wacker Dr.
Chicago, Illinois 60606

800 10th Street, N.W.
Two CityCenter, Suite 400
Washington, DC 20001-4956