HIPAA Security Rule is applicable to all covered entities

Description: The HIPAA Security Rule directs the way a covered entity will comply with the act.

Simple Understanding of the HIPAA Security Rule


HIPAA Security Rule is one of five important rules formulated in Title II of Health Insurance Portability and Accountability Act, orHIPAA for administrativesimplification.

Essence of Security Rule

This rule is applicable to all covered entities that hold Protected Health Information (PHI) in electronic form.

There are three main categories of safeguards that are required for compliance with this rule.They are administrative safeguards, physical safeguards and technical safeguards.

For each of these categories, security standards are identified and each standard has a ‘required’ component and an ‘addressable’ component of implementation specification.

While the ‘required’ component of the standard is needed for compliance, the ‘addressable’ component of the standard is to be determined by the covered entities and is flexible.


These are the clearly defined policies and procedures that direct the way a covered entity will comply with the act. The important aspects addressed here are:

  1. Ongoing training on PHI and HIPAA to the staff.
  2. Recruitment of designated Privacy Officer
  3. Documented administrative procedure to access, share, authorize, modify, document, discuss or terminate information related to PHI.
  4. Outsourced business process must follow the same standards as the outsourcing entity.
  5. Internal and external audit for HIPAA compliances
  6. Contingency plans in case of emergencies or security breach.


These are the policies and procedures aimed at controlling access to records of PHI to avoid inappropriate access and misuse. The focus here is on physical form of records and storage components such as computer systems and hard drives.

The important points addressed here are:

  1. Electronic hardware containing PHI must be protected.
  2. Access to such hardware or computer system must be controlled
  3. Facility security plan, escorts and visitor sign-in systems must be put in place.


Phone: 800-447-9407
Fax: 302-288-6884


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s