Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is the HIPAA Security Rule?

‍

The HIPAA Security Rule is a 2005 addition to the original Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA required the Secretary of the US Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.

The HIPAA Security Rule operationalizes the protections contained in the HIPAA Privacy Rule by addressing the administrative, physical, and technical safeguards that organizations called covered entities must put in place to secure individuals’ electronic protected health information or ePHI.

Specifically, covered entities must:

‍

Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit
Identify and protect against reasonably anticipated threats to the security or integrity of the information
Protect against reasonably anticipated, impermissible uses or disclosures
Ensure compliance by their workforce

A primary goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. The Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies appropriate for the entity’s size, organizational structure, and risks to consumers’ ePHI.

Related Terms

Additional resources you might like:

Security

Events

The CISO Playbook: How Security Leaders at Calm, Perforce, Xactus, and Vanta Drive Outcomes

Join CISOs from Calm, Perforce, Xactus, and Vanta for The CISO Playbook, a live panel on how enterprise security leaders demonstrate value to boards, manage risk at scale, and align security programs with growth and executive expectations.

GDPR

Events

Learn How to Automate Compliance for ISO 27001, GDPR, and more

Join our live demo to learn how Vanta automates compliance for ISO 27001, DORA, the EU AI Act, and more, saving you time and money.

Product updates

Blog

New in Vanta | December 2025

Vanta launched AI-generated policies, multiple risk registers, and vendor intake forms.

Compliance

Events

Learn How to Automate Compliance for SOC 2, ISO 27001, and More

Join our demo to learn how Vanta can help you accelerate compliance with deep automation and agentic workflows that handle evidence, policies, and remediation for you across frameworks like SOC 2, ISO 27001, HIPAA, and more.

Security

Blog

Beyond security theater: How automated trust closes the AI readiness gap

AI risks are accelerating, but manual compliance can’t keep up.

Compliance

Events

3 Steps to Kick Off First-Time Compliance in 2026

Watch this on-demand webinar to learn how to make compliance work at your pace, without slowing momentum, stalling deals, or putting revenue at risk.

Vendor Risk Management

Events

Office Hour: Transform how you manage third-party and internal risk

Check out our on demand Office Hour where we dive deeper into Vanta’s vision for unified, continuous, AI-powered risk management, and what it means for your business today.

Compliance

Events

Demo: Accelerate Security and Compliance Workflows with AI

Watch our on demand demo to see how Vanta AI streamlines your security and compliance workflows.

SOC 2

Events

Demo: Automating SOC 2, ISO 27001 & More with Vanta

Watch our on-demand demo to see how leading startups and security teams are automating compliance across 35+ frameworks, including SOC 2, ISO 27001, and HIPAA.

Follow us

What is the HIPAA Security Rule?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast