The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information (ePHI) maintained by a covered entity. The security rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information.
The Security Rule consists of three (3) main categories:
- Technical Safeguards
- Physical Safeguards
- Administrative Safeguards
To achieve HIPAA Compliance contact us today
Contact Us
Technical Safeguards
Technical Safeguards are the technology and related policies that protect data from unauthorized access. All covered entity’s need to implement Technical Safeguards that are applicable to their organization to best protect ePHI. The five (5) standards listed under the Technical Safeguard section are:
- Access Controls
- Audit Controls
- Integrity
- Authentication
- Transmission Security Access Controls
Physical Safeguards
Physical Safeguards are measures, policies, and procedures in place to protect a covered entity’s ePHI from an unauthorized intrusion. The four (4) standards listed under the Physical Safeguard section are:
- Facility Access Controls
- Workstation Use
- Workstation Security
- Device and Media Controls
Administrative Safeguards
The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce,
and the security measures put in place to protect PHI. The nine (9) standards listed under the Administrative Safeguard section are:
- Security Management Process
- Assigned Security Responsibility
- Workforce Security
- Information Access Management
- Security Awareness and Training
- Security Incident Procedures
- Contingency Plan
- Evaluation
- Business Associate Contracts and Other Arrangements