HIPAA TIP: HIPAA Security Standards

The HIPAA Security Rule established national standards to protect individuals’ electronic Protected Health Information (ePHI). The general rule is to ensure the Confidentiality, Integrity and Availability (CIA) of all ePHI created, received, maintained, or transmitted.

Did you know that as a Covered Entity or Business Associate you must comply with each standard? Covered Entities are also required to evaluate and address potential risks through a Security Risk Analysis on an annual basis.

Security Standards for Administrative Safeguards:

  • Security Management Process
  • Assigned Security Responsibility
  • Workforce Security
  • Information Access Management
  • Security Awareness and Training
  • Security Incident Procedures
  • Contingency Plan
  • Evaluation
  • Business Associate Contracts and Other Arrangements


Security Standards for Technical Safeguards:

  • Access Control
  • Audit Controls
  • Integrity
  • Person or Entity Authentication
  • Transmission Security


Security Standards for Physical Safeguards:

  • Facility Access Controls
  • Workstation Use
  • Workstation Security
  • Device and Media Controls

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.