Security Rule Guidelines (Clarke & Company Benefits)
The HIPAA Security Rule imposes requirements on covered entities with respect to the protection of electronic PHI (ePHI). Key aspects of the Security Rule are as follows:
The main purpose of the Security Rule is to ensure the confidentiality, availability and integrity of ePHI. Covered entities must protect against reasonably anticipated threats to ePHI and uses or disclosures of ePHI that are not permitted under the Privacy Rule. Covered entities must also protect ePHI by ensuring that their workforces comply with the security requirements.
Covered entities must implement reasonable and appropriate security standards to protect ePHI. The standards are intended to be flexible depending on the type, size and capabilities of the covered entity. There are specific standards for administrative, technical and physical safeguards. Covered entities should periodically review their security standards and make any necessary updates to their safeguards.
If a covered entity uses a business associate, the contract between the two parties should address both privacy and security requirements for all types of PHI, including ePHI. Business associates are also directly subject to many Security Rule requirements and should have their own security measures in place to safeguard ePHI.