HIPAA Safeguards: Administrative - Physical - Technical

The HIPAA Security Final Rule features three categories of safeguards with Required (R) and Addressable (A) implementation specifications. Here is what that means for you.

Required implementation specifications are mandatory if your organization is a covered entity.



HIPAA Security Rule: Administrative Safeguards

Administrative

The foundation on which the other two standards depend.

These specifications are Required (R).

  • Performing risk analysis
  • Risk management
  • Development and publication of policies
  • Determination of procedure and guidelines
  • Personnel security requirements
  • Security training

HIPAA Security Rule: Physical Safeguards

Physical

Protect a covered entity's electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.

These specifications are Required (R).

  • Workstation use
  • Workstation security
  • Device and media disposal
  • Device and media reuse

HIPAA Security Rule: Technical Safeguards

Technical

Technology and the policy and procedures for its use that protect ePHI and control access to it.

These specifications are Required (R).

  • Unique user identification
  • Emergency access procedure
  • Audit controls - Access Rights
  • Person or entity authentication