March, 2006 Small Health Plans Must Comply With HIPAA Security Rules by April 20, 2006 WHAT: The HIPAA Security Rule applies to all electronic protected health information (ePHI) created, received, maintained or transmitted by a covered entity. Covered entities are required to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards […]