Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What are the HIPAA Safeguards?

HIPAA Safeguards are the administrative, technical, and physical safeguards that covered entities are required to maintain by the terms of the HIPAA Security Rule to protect individuals’ electronic protected health information (ePHI).


The Security Rule defines Administrative Safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.” The Administrative Safeguards comprise more than half of the HIPAA Security Requirements. Administrative Safeguards include: 

  • Implementation of a Security Management Process
  • Designation of Security Personnel
  • Implementation of Information Access Management policies and procedures for authorizing access to ePHI
  • Provision of Workforce Training and Management
  • Performance of regular Evaluations against the requirements of the Security Rule


The Security Rule defines Technical Safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The Technical Safeguards include:

  • Implementation of Access Control policies and procedures that allow only authorized persons to access ePHI
  • Implementation of Audit Controls to record and examine access and other activity in information systems that contain or use ePHI
  • Implementation of Integrity Controls, policies, and procedures to ensure ePHI is not destroyed or improperly altered
  • Implementation of technical security measures to ensure Transmission Security—guarding against unauthorized access to ePHI transmitted over an electronic network


The Security Rule defines Physical Safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” The Physical Safeguards include:

  • Management of Facility Access and Control, a covered entity must limit physical access to its facilities while ensuring that authorized access is allowed
  • Implementation of Workstation and Device Security policies and procedures to specify proper use of and access to workstations and electronic media

Additional resources you might like:

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Compliance
Blog
3 trends shaping the future of GRC and how to adapt today

Managing GRC today still requires a ton of manual work—but it doesn’t have to. Find how the future of GRC is evolving and how you can adapt today.

Additional resources you might like:

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Compliance
Blog
3 trends shaping the future of GRC and how to adapt today

Managing GRC today still requires a ton of manual work—but it doesn’t have to. Find how the future of GRC is evolving and how you can adapt today.

Compliance
Event
Audit Prep Excellence: Your Path to Success

Join our interactive webinar featuring experts in compliance auditing for a live Q&A session. We'll dive into essential tips for preparing for various compliance audits, guide you through the nuances of both ISO 27001 and SOC 2 standards, and discuss best practices for maintaining continuous compliance.

Compliance
Event
How Fireant Achieved ISO 27001 Compliance Fast & Secured Government Business

Join Vanta and FireAnt as we demystify the compliance journey. We will explore how FireAnt, a Sydney-based software provider, leveraged Vanta’s automation to streamline their ISO 27001 certification process and unlock new business opportunities.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo on July 9th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
ISO 27001 vs. SOC 2: Which standard is right for my startup?

Starting a security compliance program requires time, effort, and planning. And knowing where to begin is half the battle. Are you wondering if your organisation should focus on ISO 27001? SOC 2? Both?