HIPAA Security Rule

The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically.

The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI). When addressing the risks and vulnerabilities associated with PHI and electronic protected health information (ePHI), there are three key questions health care organizations should ask.

  • Can you identify the sources of ePHI and PHI within your organization, including all PHI that you create, receive, maintain or transmit?
  • What are the external sources of PHI?
  • What are the human, natural, and environmental threats to information systems that contain ePHI and PHI?

Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the HIPAA Security Rule aims to protect patient security while still allowing the health care industry to advance technologically.

This was last updated in March 2012
Posted by: Margaret Rouse
