Facebook-f Instagram Youtube
All Tax Videos
Call: (888) 577-1482

HIPPA Compliance

The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI). 

The Security Rule is made up of 3 parts.

  1. Technical Safeguards
  2. Physical Safeguards
  3. Administrative Safeguards

All 3 parts include implementation specifications. Some implementation specifications are “required” and others are “addressable.” Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented. (see the HHS answer)

It is important to remember that an addressable implementation specification is not optional. When in doubt, you should just implement the addressable implementation specifications. Most of them are best practices anyway.

Technical Safeguards

The Technical Safeguards focus on the technology that protects PHI and controls access to it. The standards of the Security Rule do not require you to use specific technologies. The Security standards were designed to be “technology neutral.”

There are 5 standards listed under the Technical Safeguards section.

  1. Access Control
  2. Audit Controls
  3. Integrity
  4. Authentication
  5. Transmission Security

When you break down the 4 standards there are 10 things that you need to implement.

  1. Facility Access Controls – Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
  2. Facility Access Controls – Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
  3. Facility Access Controls – Access Control and Validation Procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
  4. Facility Access Controls – Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks).
  5. Workstation Use (required): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
  6. Workstation Security (required): Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.
  7. Device and Media Controls – Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
  8. Device and Media Controls – Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
  9. Device and Media Controls – Accountability (addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
  10. Device and Media Controls – Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.
Ansari Law Firm BBB Business Review
Healthcare Law Articles

Latest Healthcare Law News

Medicare Audit Atlanta

Medicare Audit Atlanta Medicare Audits – “Reasonable and Necessary” With the Federal government contracting and double-checking its spending, healthcare practitioners

Health Care Compliance Atlanta

Health Care Compliance Atlanta Overview of Healthcare Compliance Healthcare compliance is a broad term that can encompass issues such as

Medicare Revocation Appeals

Medicare Revocation Appeals There are Five levels of Appeals: Overview There are five levels of appeals for Medicare revocation cases.

Detroit Medicare Fraud Doctors Arrested

Detroit Medicare Fraud Doctors Arrested Overview of Charges Five doctors and two others in and around metro Detroit face felony

More Healthcare Law News
Contact our Tax Law Firm

Call our Tax Attorneys to Discuss your Case
Call (888) 577-1482
About

Ansari Law Firm is a multi-state business and state tax law firm, with offices in Texas (Dallas, Fort Worth, San Antonio & Houston), Georgia and Illinois.

Practice Areas
Contact
Latest News & Articles
nexus tax defense logo small new

Ansari Law Firm is a multi-state business and state tax law firm, with offices in Texas (DallasFort WorthSan Antonio & Houston), Georgia and Illinois.

Follow us
Facebook-f Instagram Youtube
Practice Areas
  • IRS Tax Litigation
  • Sales Tax Litigation
  • Snap Violations
  • Healthcare Audits
Latest News & Articles
  • (888) 577-1482
  • info@ansaritax.com
  • 4131 N Central Expy #900, Dallas, TX 75204
  • 5601 Bridge St Ste 485 Fort Worth, TX 76112-2384
  • 1600 Ne Loop 410 Ste 208 San Antonio, TX 78209
  • Mon-Sat: 24/7

© 2025 Ansari Law Firm. All Rights Reserved.

Design & Marketed By Invincibe Digital

Call Now
Get in Touch