HIPAA Security Rule
The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the
confidentiality, integrity, and security of protected health information (PHI).
The Security Rule consists of three categories.
There are 5 standards listed under the Technical Safeguards section.
• Access Control
• Audit Controls
• Transmission Security Access Control
Physical Safeguards are a set of rules and guidelines that focus on the physical access to PHI.
•Facility Access Controls
•Device and Media Controls
The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce,
and the security measures put in place to protect PHI.
•Security Management Process
•Assigned Security Responsibility
• Information Access Management
•Security Awareness and Training
•Security Incident Procedures
•Business Associate Contracts and Other Arrangements