HIPAA Security Rule
The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).
The Security Rule is made up of 3 parts.
- Technical Safeguards
- Physical Safeguards
- Administrative Safeguards
All three parts include implementation specifications. Some implementation specifications are “required” and others are “addressable.” Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented.