HIPAA Safeguards

Wentz’s Risk Model

HIPAA

According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the safeguards are grouped into three categories: administrative, physical, and technical.

The HIPAA Privacy and Security Rule

The Centers for Medicare & Medicaid Services (CMS) issues regulations, known as the Privacy Rule and Security Rule, to specify security controls applicable to those entities covered by HIPAA.

The Privacy Rule, primarily, addresses how PHI (Protected Health Information) can be used and disclosed, while the Security Rule, as a subset of the Privacy Rule, applies specifically to electronic PHI or ePHI.

HIPAA Safeguard Definitions

Administrative

The Security Rule defines administrative safeguards as, “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

Technical

The Security Rule defines technical safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”

Physical

The Security Rule defines physical safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”

References

  1. Security Standards: Administrative Safeguards
  2. Security Standards: Technical Safeguards
  3. Security Standards: Physical Safeguards
  4. HIPAA SECURITY SERIES LIST [LINKS TO ALL 7 HHS DOCUMENTS]

2 thoughts on “HIPAA Safeguards

  1. Pingback: CISSP PRACTICE QUESTIONS – 20191221 by Wentz Wu, CISSP-ISSMP,ISSAP,ISSEP/CCSP/CSSLP/CISM/CISA/CEH/PMP/CBAP

  2. Pingback: Control Objectives by Wentz Wu, CISSP-ISSMP,ISSAP,ISSEP/CCSP/CSSLP/CISM/CISA/CEH/PMP/CBAP

Leave a Reply