Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What are the HIPAA Safeguards?

‍

HIPAA Safeguards are the administrative, technical, and physical safeguards that covered entities are required to maintain by the terms of the HIPAA Security Rule to protect individuals’ electronic protected health information (ePHI).

The Security Rule defines Administrative Safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.” The Administrative Safeguards comprise more than half of the HIPAA Security Requirements. Administrative Safeguards include:

‍

Implementation of a Security Management Process
Designation of Security Personnel
Implementation of Information Access Management policies and procedures for authorizing access to ePHI
Provision of Workforce Training and Management
Performance of regular Evaluations against the requirements of the Security Rule

The Security Rule defines Technical Safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The Technical Safeguards include:

‍

Implementation of Access Control policies and procedures that allow only authorized persons to access ePHI
Implementation of Audit Controls to record and examine access and other activity in information systems that contain or use ePHI
Implementation of Integrity Controls, policies, and procedures to ensure ePHI is not destroyed or improperly altered
Implementation of technical security measures to ensure Transmission Security—guarding against unauthorized access to ePHI transmitted over an electronic network

The Security Rule defines Physical Safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” The Physical Safeguards include:

‍

Management of Facility Access and Control, a covered entity must limit physical access to its facilities while ensuring that authorized access is allowed
Implementation of Workstation and Device Security policies and procedures to specify proper use of and access to workstations and electronic media

‍

Related Terms

Additional resources you might like:

Compliance

Blog

How to choose the right AI standard: A 7-point guide

Discover the seven essential questions that help you choose an AI standard for your organization.

Compliance

Blog

Government contracting compliance 101: Everything you should know

Understand the regulations and standards government contractors must meet—and the challenges involved.

Compliance

Events

Beyond Compliance: Building a Scalable Trust Program with Vanta

Join us to see how high-growth companies use Vanta to build trust, stay audit-ready, and scale with confidence.

GDPR

Blog

How to make your website GDPR compliant in 8 steps

Learn the essential steps to achieve GDPR compliance for your website. Click here to learn the requirements and organizational benefits of GDPR compliance.

Compliance

Blog

How to choose the best access review software: A buyer’s guide

Learn why access review software is essential and how to choose and implement the right solution.

GDPR

Blog

GDPR basics: Everything you need to know to keep your business compliant

Learn the basics of GDPR, what GDPR compliance means for your organization, and how the GDPR rights granted to those in the EU may impact your business.