🎉
Vanta now offers PCI DSS compliance automation for cardholder data security!
Learn more >
GLOSSARY

HIPAA Safeguards

Blog
Guides
Glossary
Webinars

Terms

What are the HIPAA Safeguards?

HIPAA Safeguards are the administrative, technical, and physical safeguards that covered entities are required to maintain by the terms of the HIPAA Security Rule to protect individuals’ electronic protected health information (ePHI).


The Security Rule defines Administrative Safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.” The Administrative Safeguards comprise more than half of the HIPAA Security Requirements. Administrative Safeguards include: 

  • Implementation of a Security Management Process
  • Designation of Security Personnel
  • Implementation of Information Access Management policies and procedures for authorizing access to ePHI
  • Provision of Workforce Training and Management
  • Performance of regular Evaluations against the requirements of the Security Rule


The Security Rule defines Technical Safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The Technical Safeguards include:

  • Implementation of Access Control policies and procedures that allow only authorized persons to access ePHI
  • Implementation of Audit Controls to record and examine access and other activity in information systems that contain or use ePHI
  • Implementation of Integrity Controls, policies, and procedures to ensure ePHI is not destroyed or improperly altered
  • Implementation of technical security measures to ensure Transmission Security—guarding against unauthorized access to ePHI transmitted over an electronic network


The Security Rule defines Physical Safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” The Physical Safeguards include:

  • Management of Facility Access and Control, a covered entity must limit physical access to its facilities while ensuring that authorized access is allowed
  • Implementation of Workstation and Device Security policies and procedures to specify proper use of and access to workstations and electronic media

Vanta is the easy way to get SOC 2, HIPAA, or ISO 27001 compliant. Over 2,000 fast-growing companies trust Vanta to automate their security monitoring and get ready for security audits in weeks instead of months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit. We'll guide you throughout the process and help tailor your security monitoring and compliance to meet the needs of you and your customers. Vanta was founded in 2016 and headquartered in San Francisco.

Products
SOC 2HIPAAISO 27001PCI DSSGDPRIntegrations
Customers
Customer Case Studies
Resources
BlogGuidesGlossaryWebinarsIndustry Topics
Company
AboutCareersSecurityPress
Manage CookiesTermsPrivacy
Vanta automates security compliance.
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

By clicking “Accept”, you agree to the use of cookies on your device in accordance with our Privacy and Cookie policies.

Manage CookiesACCEPT
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.