Your Compliance Edge

Security Rule Requirements

The Security Rule requires health care providers to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI).  Specifically, health care providers must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

The Security Rule does not dictate which security measures a health care provider must use. Instead, the rule requires the health care provider to consider:

  • Its size, complexity, and capabilities;
  • Its technical, hardware, and software infrastructure;
  • The costs of security measures; and  
  • The likelihood and possible impact of potential risks to e-PHI.

Health care providers are also required to document, review, and, as needed, modify their security measures.

Administrative Safeguards

The Security Rule requires covered entities to put in place the following administrative safeguards:
