Security Rule Basics

The HIPAA Security Rule requires that health care providers protect the confidentiality, integrity, and availability of all Electronic Protected Health Information (EPHI for the rest of this Blog).

The rule is divided into 3 sections; Administrative, Physical, and Technical. Each section has several standards that must be met. These standards come in 2 flavors, Required (must be addressed) and Addressable (must be addressed but the solution can be variable depending on specific scenario).

The Administrative section is the largest and is basically a list of policy and procedure requirements. The Physical section defines the requirements for physical security of your buildings, equipment, etc. The Technical section defines the requirements for securing access, integrity, and availability of your electronic data.

A copy of the HIPAA Security Rule can be found on our website. (You must have Acrobat Reader to view the document)