The HIPAA Security Rule provides nation-wide standards to protect electronic personal health information that is created, received, used or maintained by a HIPAA covered entity. The Security Rule places obligations on covered entities to maintain administrative, technical and physical safeguards to ensure the confidentiality, integrity and security of electronic protected health information (EPHI).
The government has a HIPAA Security Risk Assessment Tool for covered entities to use to review their operations to identify EPHI risks. A risk assessment helps an organization determine if it is compliant with HIPAA’s administrative, technical and physical safeguards. The assessment is intended to reveal areas where EPHI is at risk.
To access the risk assessment tool provided by the U.S. Department of Health and Human Services, click here.