WASHINGTON--While health care providers are largely compliant with the Health Insurance Portability and Accountability Act's Privacy Rule, most can't say the same about the law's Security Rule, which took effect April 20.

That's according to a new study released April 18 from the American Health Information Management Association. The study analyzed information from 1,140 respondents. While 91 percent said they were compliant with most elements of the Privacy Rule, only 17 percent said they were completely compliant with the Security Rule.

The study was released on the same day the Federal Register published a notice proposing monetary penalties for entities that violate HIPAA's administrative simplification provisions, which include the security and privacy regulations. Stakeholders have 60 days to comment on the proposal.

The Federal Register notice, including instructions for submitting comments, is available by clicking here.

For more on HIPAA, visit the CMS Web site by clicking here.