In order to operate a legal, compliant healthcare practice in the United States, you must familiarize yourself with the Health Insurance Portability and Accountability Act (HIPAA) and its respective rules, including the Security Rule. Originally issued on February 20, 2003, the Security Rule was designed to "complement" the Privacy Rule by adding new security measures to enhance patient privacy.

Written and Oral Communications

It's important to note that the HIPAA Security Rule only applies to Electronic Protected Health Information (EPHI) and not oral or written communications. EPHI may consist of digital patient records, digital health insurance information, and other forms of digital media containing the personally identifiable information of patients. The Department of Health and Human Services (HHS) created the Security Rule so healthcare practices could implement modern technology while still protecting the privacy of their patients.

Administrative Safeguards

The HIPAA Security Rule includes three categories of security safeguards that doctors and other covered entities must implement in order to remain compliant. One of these is the administrative safeguards, which consist of a wide range of practices and policies designed to show how the covered entity will comply with HIPAA. Covered entities must create written policies and procedures that describe how they handle patient information and who is permitted to access it.

Technical Safeguards

Technical safeguards are also outlined in the HIPAA Security Rule. As noted by HHS, technical safeguards consist of access control systems used to protect communications in which PHI is sent or received. While HHS doesn't prescribe any specific type of technical safeguard, it does require covered entities to follow some basic rules, such as authenticating the entities with whom they communicate, making documentation of HIPAA practices readily available, and taking meaningful and appropriate measures to protect in-house systems from intrusion.

Physical Safeguards

Last but not least, the HIPAA Security Rule requires all covered entities to implement physical safeguards to protect EPHI from unauthorized use or access. As the name suggests, a physical safeguard is any type of protective security measure that is tangible. In contrast to technical safeguards, physical safeguards can be seen and felt; examples include locked doors, locked file cabinets, privacy screen protectors, security gates, and one-way mirrors.

Hopefully, this will give you a better idea of the HIPAA Security Rule and its respective requirements. Just remember that the Security Rule only applies to digital forms of patient information, not paper records or oral communications.
