HIPAA Security Rule Part 1: An Intro to Data Security for Electronic Protected Health Information

Information and data security are hugely important topics, and no group knows that more than those who work in the healthcare field. Whether it’s who physicians and healthcare providers can talk to about a specific patient’s care, how to protect your healthcare facility from healthcare data hackers, or how to secure individuals’ “electronic protected health information” (e-PHI), there’s always something to abide by or consider when it comes to healthcare data security — thanks to HIPAA (the Health Insurance Portability and Accountability Act).

Now, there are HIPAA rules and then there are HIPAA data security rules, and since we’re an IT company, we’re just going to focus on the data security side of things. With that in mind, keep reading as we quickly introduce you to the HIPAA Security Rule and all of its healthcare data security policies.

HIPAA Privacy Rule vs. the HIPAA Security Rule

The HIPAA Privacy Rule, also known as the Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information, whereas the HIPAA Security Rule, also known as the Security Standards for the Protection of Electronic Protected Health Information, establishes national security standards for the protection of certain health information held or transferred electronically. Another major difference: the HIPAA Security Rule sets in motion the protections set forth in the HIPAA Privacy Rule by addressing all safeguards that “covered entities” must enact to secure e-PHI.

Goals of the HIPAA Security Rule

  • Protect the privacy of individuals’ health information.
  • Improve the quality and efficiency of patient care by allowing covered entities to adopt new technologies.
  • Provide covered entities of different sizes with flexible and scalable rules that allow them to better analyze their own needs and resources and to implement policies, procedures, and technologies that are appropriate for their size, structure, and risks to consumers’ e-PHI.

Information Protected by the HIPAA Security Rule: Electronic Protected Health Information

While the HIPAA Privacy Rule protects the overall privacy of individually identifiable health information, called protected health information (PHI), the HIPAA Security Rule gets more specific by protecting a subset of the information covered by the HIPAA Privacy Rule, called “electronic protected health information” (e-PHI), which is all individually identifiable health information that a covered entity creates, receives, maintains, or transmits in electronic form.

HIPAA Data Security and the Future

HIPAA rules have only been around since 1996, and while healthcare facilities and clinics have made great strides to protect the healthcare data created, stored, and transferred electronically, there’s still much work to be done if we’re going to continue to protect patient information. If you want to learn more about the HIPAA Security Rule’s specific requirements, read the next blog in this series, “HIPAA Security Rule Part 2: General Data Security Rules for Electronic Protected Health Information.”

This is a quick summary of the HIPAA Security Rule, not a complete or comprehensive guide to compliance. For more information, please visit the U.S. Department of Health and Human Services.