{"id":3638,"date":"2024-03-12T16:23:13","date_gmt":"2024-03-12T22:23:13","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&p=3638"},"modified":"2024-03-21T12:45:54","modified_gmt":"2024-03-21T18:45:54","slug":"hippa-security","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/hippa-security\/","title":{"rendered":"Health Insurance Portability and Accountability Act (HIPAA) Security Rule"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tRegulation<\/span>\n\t\t\t\t\t\t\t\t\t\t

Health Insurance Portability and Accountability Act (HIPAA) Security Rule<\/h1>\n\t\t\t\t\t

The HIPAA Security Rule is a Federal sectoral rule that establishes national standards to protect individuals\u2019 electronic protected health information (ePHI) handled and maintained by certain entities in the healthcare industry. <\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Who does HIPPA apply to?<\/h2>\n

The HIPAA Security Rule applies to HIPAA Covered Entities (i.e. healthcare providers, health plans, healthcare clearinghouses) and, by extension, their Business Associates (i.e. service provider of a covered entity) who create, receive, maintain or transmit health information in electronic form.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t

Requirements under HIPPA Security Rule<\/h2>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Confidentiality, integrity and availability of ePHI<\/h4>\n

Put in place appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of ePHI. Identify and protect against security threats and reasonably anticipated, impermissible uses or disclosures.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Risk analysis and management<\/h4>\n

Evaluate the likelihood and impact of potential risks to ePHI and implement appropriate security measures to address identified risks.Regularly review security measures and improve them where necessary.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Business Associate agreements<\/h4>\n

Put in place agreements with Business Associates that require them to safeguard ePHI processed on behalf of the Business Entity, report security breaches, and execute similar agreements with subcontractors.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\"\"\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\teBook<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t

Guide to HIPAA Compliance<\/h2>\n\t\t\t\t\t\t

How to build and implement a program to demonstrate compliance with HIPAA<\/p>\n\t\t\t\t\t\t