The U.S. Department of Health and Human Services (HHS) has developed regulations protecting the privacy and security of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule), establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI).
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
Specifically, covered entities must:
The Security Rule defines “confidentiality” to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI. The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, “integrity” means that e-PHI is not altered or destroyed in an unauthorized manner. “Availability” means that e-PHI is accessible and usable on demand by an authorized person.
West Point Security has over fifteen years of experience guiding covered entities in meeting their privacy and security responsibilities under HIPAA. Contact West Point Security to assist your organization with meeting its responsibilities under the federal HIPAA and HI-TECH security regulations.