The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically.
The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI). When addressing the risks and vulnerabilities associated with PHI and electronic protected health information (ePHI), there are three key questions health care organizations should ask.
- Can you identify the sources of ePHI and PHI within your organization, including all PHI that you create, receive, maintain or transmit?
- What are the external sources of PHI?
- What are the human, natural, and environmental threats to information systems that contain ePHI and PHI?
Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the HIPAA Security Rule aims to protect patient security while still allowing the health care industry to advance technologically.