HIPAA Security Rule Resources

Posted by BAS - 24 September, 2020


The US Department of Health and Human Services (HHS) provides a summary of important elements of the HIPAA Security Rule. This summary offers a useful overview of the rule, which is intended to protect the privacy and security of electronic health information.

The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a national set of security standards for protecting health information that is held or transferred in electronic format. It addresses the technical and non-technical safeguards that covered entities must have in place to protect individuals’ electronic protected health information (e-PHI).

Who is Covered

The Security Rule applies to health plans, health care clearinghouses and any health care provider who transmits health information in electronic form. It also applies to business associates of covered entities.

What Information is Protected

The Security Rule protects individually identifiable health information that is in electronic form.


The Security Rule requires covered entities to have reasonable and appropriate administrative, technical and physical safeguards to protect e-PHI. Covered entities must perform a risk analysis to review their security management process. They also must have administrative safeguards in place, including: a security management process; security personnel; information access management; workforce training; and evaluation. Physical safeguards such as facility access controls and workstation/device security, along with technical safeguards, must be implemented.

A summary of HHS requirements for Security Rule compliance can be reviewed by clicking here.
