What does the HIPAA Security Rule Protect?
While the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing.
To comply with the HIPAA Security Rule, all covered entities must do the following:
-
Ensure the confidentiality, integrity, and availability of all electronic protected health information
-
Detect and safeguard against anticipated threats to the security of the information
-
Protect against anticipated impermissible uses or disclosures
-
Certify compliance by their workforce
Covered entities should rely on professional ethics and best judgment when considering requests for these permissive uses and disclosures. The HHS Office for Civil Rights enforces HIPAA rules, and all complaints should be reported to that office. HIPAA violations may result in civil monetary or criminal penalties.
For more information, see here: https://www.cdc.gov/phlp/publications/topic/hipaa.html
These materials were obtained directly from the Federal Government public website and are posted here for your review and reference only. No Claim to Original U.S. Government Works. This may not be the most recent version. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.