What is the HIPAA Security Rule?
The HIPAA Security Rule is a 2005 addition to the original Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA required the Secretary of the US Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.
The HIPAA Security Rule operationalizes the protections contained in the HIPAA Privacy Rule by specifying the administrative, physical, and technical safeguards that organizations called covered entities must put in place to secure individuals’ electronic protected health information (ePHI).
Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance by their workforce
A primary goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. The Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies appropriate for the entity’s size, organizational structure, and risks to consumers’ ePHI.