HIPAA Security Rule

The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically.

The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI). When addressing the risks and vulnerabilities associated with PHI and electronic protected health information (ePHI), there are three key questions health care organizations should ask.

  • Can you identify the sources of ePHI and PHI within your organization, including all PHI that you create, receive, maintain or transmit?
  • What are the external sources of PHI?
  • What are the human, natural, and environmental threats to information systems that contain EPHI and PHI?

Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the HIPAA Security Rule aims to protect patient security while still allowing the health care industry to advance technologically.

This was last updated in March 2012

Continue Reading About HIPAA Security Rule

Dig Deeper on Federal health care policy issues and health care reform



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by: