HIPAA Security Rule
Meanwhile, the HIPAA Security Rule is meant to protect electronic PHI (ePHI). It establishes national standards for ePHI that a covered entity or business associate creates, receives, maintains, or transmits, and it requires appropriate safeguards to protect the confidentiality, integrity, and availability of that data. Healthcare organizations must implement administrative, physical, and technical safeguards. The Security Rule is technology-neutral, however: rather than prescribing specific products or settings, it requires each organization to perform a risk analysis and then choose the measures that are reasonable and appropriate for its size, complexity, and risk profile.
- Physical Safeguards: protect the facilities, workstations, and devices where PHI or ePHI is stored or accessed. Common examples include alarm systems, badge or key access to server rooms and records storage, visitor controls, and procedures for securely disposing of or reusing media that held ePHI.
- Technical Safeguards: the technology, and the policies governing its use, that protect ePHI and control who can reach it. Examples include access controls with unique user IDs, audit logs that record activity on systems holding ePHI, encryption of data at rest and in transit, and firewalls.
- Administrative Safeguards: the policies, procedures, and workforce management that govern how the other safeguards are selected, documented, and carried out. They start with the risk analysis, and include workforce training, sanctions for violations, contingency and backup planning, and periodic evaluation of whether the safeguards in place are actually being followed.
HIPAA Privacy and Security Rules Summary
In conclusion, the HIPAA Privacy and Security Rules are among the most important parts of HIPAA law, and healthcare organizations must be diligent in protecting patient PHI. If the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) audits your organization, or investigates it after a complaint or breach report, and finds that proper safeguards were not in place, you could face substantial civil monetary penalties as well as a required corrective action plan.