The HIPAA Security Rule

Established in 2005, the HIPAA Security rule introduced national standards to safeguard electronic personal health information and ePHI. Any electronic health information that is distributed, accessed, created, stored, or maintained by a Covered Entity requires appropriate administrative, physical, and technical measures to protect and guarantee the safety of said information.

Knowing all the necessary components of HIPAA policies and standards is crucial for Covered Entities and Business Associates. One mistake and the Department of Health and Human Services could administer a hefty fine or even worse, shut your business down!

A HIPAA Summary

The Health Insurance Portability and Accountability Act or HIPAA is specifically imposed by HHS’s Office for Civil Rights (OCR). It was passed by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. Since 1996 there have been various latter rules added to HIPAA, most importantly:
  • Privacy Rule (2003) – entails who is covered, what information is protected, and how PHI can be used and distributed.
  • Security Rule (2003) – Set national standards that covered entities and business associates must follow
  • HITECH Act & Breach Notification Rule (2009) HITECH Rule was brought about to strengthen HIPAA rules and pertains to mainly health information technology. The Breach Rule simply requires any healthcare-related organization to report data breaches that affect a specific covered entity or individual connected to a covered entity.

So What is the HIPAA Security Rule?

The HIPAA Security Rule mandates technical, physical, and administrative safeguards from within a Covered Entity.

Technical aspects that fall under the HIPAA Security Rule include electronic access, audit controls, integrity pertaining to the unauthorized destruction or altering of personal data, and identity authentication.

Physical measures, policies, and procedures include facilities’ access controls, paper use, computer use and security, devices, and media controls.

Administrative measures should protect and incorporate security policies and procedures, risk analysis, assigning security responsibility, restricting unnecessary access to PHI, HIPAA training, incident procedures, data backups, and Business Associate Agreements.

While this may seem a bit overwhelming understanding the policies and procedures of HIPAA and the rules that follow are essential for both Covered Entities and Business Associates. Unfortunately, there is no “one-size fits all” security solution however, applying reliable and strong security to your organization can help mitigate potential data breaches, cyberattacks, or any other online attacks.

NeoCertified offers easy-to-use email encryption that complies with HIPAA standards and regulations making your email HIPAA compliant with ease. There is no server software to download or extra steps just simple encryption for your business email application.

Try NeoCertified Today! 30-Days Risk-Free!