Under the HIPAA Security Rule, covered entities (CEs) and business associates (BAs) are required to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). The Security Rule technical safeguards contain a series of standards whose requirements CEs and BAs must meet. Under the first of these standards, the Access Control standard, covered entities and business associates must [...]