HIPAA Compliance

The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).

Overview of the HIPAA Security Rule

The Security Rule is made up of three key parts:

  1. Technical Safeguards

  2. Physical Safeguards

  3. Administrative Safeguards

All three parts include implementation specifications, which are either:

  • Required – Must be implemented.

  • Addressable – Must be implemented if it is reasonable and appropriate to do so; the decision must be documented.

Note: An addressable implementation specification is not optional. When in doubt, implement it; doing so is typically a best practice.

Technical Safeguards

Technical safeguards focus on the technology that protects PHI and controls access to it. The Security Rule does not mandate specific technologies; it is designed to be technology neutral.

Five Standards Under Technical Safeguards

  1. Access Control

  2. Audit Controls

  3. Integrity

  4. Authentication

  5. Transmission Security

Physical Safeguards

The following are important implementation specifications under physical safeguards:

  • Facility Access Controls – Contingency Operations (addressable):
    Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.

  • Facility Access Controls – Facility Security Plan (addressable):
    Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.

  • Facility Access Controls – Access Control and Validation Procedures (addressable):
    Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

  • Facility Access Controls – Maintenance Records (addressable):
    Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks).

Workstation and Device Security

  • Workstation Use (required):
    Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.

  • Workstation Security (required):
    Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.

Device and Media Controls

  • Disposal (required):
    Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.

  • Media Re-Use (required):
    Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.

  • Accountability (addressable):
    Maintain a record of the movements of hardware and electronic media and any person responsible therefore.

  • Data Backup and Storage (addressable):
    Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

Frequently Asked Questions

What are the three key safeguard categories in the HIPAA Security Rule?

The HIPAA Security Rule outlines three main safeguard categories: Administrative, Physical, and Technical. Each category includes required and addressable implementation specifications to protect the confidentiality, integrity, and security of protected health information (PHI).

What does “addressable” mean under the HIPAA Security Rule?

“Addressable” does not mean optional. It means that the specification must be implemented if it is reasonable and appropriate to do so. If not implemented, the covered entity must document why and how an alternative measure achieves the same purpose.

What is the role of Technical Safeguards?

Technical Safeguards are focused on the technology and related policies that protect electronic PHI (ePHI) and control access. They include standards such as access control, audit controls, integrity, authentication, and transmission security.

Why are Facility Access Controls important?

Facility Access Controls are a component of Physical Safeguards. They help ensure that only authorized individuals have physical access to systems that store ePHI. This includes policies for contingency operations, validation procedures, maintenance records, and physical security plans.

How should electronic media be handled under HIPAA?

Electronic media must be managed through secure disposal, proper re-use procedures to clear ePHI, accountability tracking for device movement, and data backup before equipment transfer. These steps are essential under the Device and Media Controls section of the Security Rule.
