HIPAA Security Rule
Plain English Summary
Requires healthcare organizations to implement security safeguards to protect electronic patient health data.
Full Text
Covered entities and their business associates must implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Required administrative safeguards include risk analysis, risk management, workforce training, and contingency planning.
Technical safeguards include access controls, audit controls, integrity controls, and transmission security. Physical safeguards cover facility access controls, workstation use and security, and device and media controls. Entities must conduct periodic risk assessments.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.