What are the HIPAA Safeguards?
HIPAA Safeguards are the administrative, technical, and physical safeguards that covered entities are required to maintain by the terms of the HIPAA Security Rule to protect individuals’ electronic protected health information (ePHI).
The Security Rule defines Administrative Safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.” The Administrative Safeguards comprise more than half of the HIPAA Security Requirements. Administrative Safeguards include:
- Implementation of a Security Management Process
- Designation of Security Personnel
- Implementation of Information Access Management policies and procedures for authorizing access to ePHI
- Provision of Workforce Training and Management
- Performance of regular Evaluations against the requirements of the Security Rule
The Security Rule defines Technical Safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The Technical Safeguards include:
- Implementation of Access Control policies and procedures that allow only authorized persons to access ePHI
- Implementation of Audit Controls to record and examine access and other activity in information systems that contain or use ePHI
- Implementation of Integrity Controls, policies, and procedures to ensure ePHI is not destroyed or improperly altered
- Implementation of technical security measures to ensure Transmission Security—guarding against unauthorized access to ePHI transmitted over an electronic network
The Security Rule defines Physical Safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” The Physical Safeguards include:
- Management of Facility Access and Control, a covered entity must limit physical access to its facilities while ensuring that authorized access is allowed
- Implementation of Workstation and Device Security policies and procedures to specify proper use of and access to workstations and electronic media
Additional resources you might like:

Coffee and Compliance: Building Trust to Drive Business Growth
Join our live webinar on May 23 at 12 PM where VP of Product Chase Lee, and Staff Product Manager Sanjay Padval as they demonstrate a brief overview and provide guidance on advancing your security program beyond building or improving. Learn how to enhance customer satisfaction and gain a competitive advantage, accelerating your business growth.

Café et compliance : les clés pour booster sa croissance en tant que startup
Pour vendre à des entreprises, les startups doivent garantir la protection des données de leurs clients en prouvant qu’elles ont mis en place les bonnes pratiques de sécurité. Pour cela, elles peuvent obtenir une certification comme la norme ISO 27001. Ce webinar explique les différents contrôles de sécurité à effectuer, les avantages de la certification et comment automatiser jusqu'à 90% du processus avec Vanta. Sébastien, CTO et co-fondateur de Leeway reviendra sur son expérience avec Vanta, et les participants pourront échanger avec notre responsable commerciale en France et notre expert en certification.

Introducing Vanta Workspaces
We’re thrilled to announce Vanta Workspaces, a new capability in our platform that enables complex organizations with multiple business units to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account.