• Contact
  • 888-54-FIRST
  • Client Login
    • Client Portal
    • Online Store
Search
First Healthcare Compliance
  • Solutions
    • Compliance Management Software
    • Online Compliance Courses
    • Compliance Management Suite
  • Plans
  • Resources
    • Blog
    • Virtual Education Hub
    • 1st Talk Compliance Podcast
    • Connect Magazine
    • Compliance Posters
    • Healthcare Compliance Books
    • Newsletter Signup
  • News & Events
    • Press Releases
  • Our Team
  • Request Demo
  • Menu Menu
  • Shopping Cart Shopping Cart
    0Shopping Cart

Blog

Do You Meet the Security Rule Requirements for a Covered Entity?

October 16, 2014/in 1st Healthcare Compliance, Blog, Covered Entity, HIPAA, HIPAA Zone, HITECH, Vendor Zone

Covered entities should be aware of differences between the Privacy and Security Rule requirements regarding protected health information. One major distinction is that the HIPAA Security Rule only applies to electronic protected health information (e-PHI). A covered entity is responsible for maintaining confidentiality, integrity and availability of all e-PHI.

Under the HIPAA Security Rule, covered entities are required to do a risk analysis to document any risks or vulnerabilities to e-PHI. Any risks or vulnerabilities identified should be appropriately addressed and steps for mitigation documented, including necessary changes to policies and procedures. All documents should be kept for at least 6 years.

A plan should be developed based on the risk analysis results and should include how the practice uses the administrative, physical and technical safeguards to mitigate risks. This risk analysis should be an ongoing process and to achieve Meaningful Use, a review is required periodically. This is not a “one-size fits all” so the security measures are scalable to any size practice.

The Administrative, Physical and Technical Safeguards are the focus of the OCR Audit Program Protocol for the Security Rule.
Covered entities must comply with all of the standards listed below and some of these standards also have required implementation specifications that must be followed:

Administrative Safeguards

  • Security Management Process (Required Implementation Specifications for Risk Analysis, Risk Management, Sanction Policy, Information System Activity Review)
  • Assigned Security Responsibility (Required Implementation Specification to Identify Security Official)
  • Workforce Security
  • Information Access Management (Required Implementation Specifications for Isolating Healthcare Clearinghouse Function)
  • Security Awareness and Training
  • Security Incident Procedures (Required Implementation Specification for Response and Reporting)
  • Contingency Plan (Required Implementation Specifications for Data Backup Plan and Disaster Recovery Plan and Develop and Implementation of an Emergent Mode Operation Plan)
  • Evaluation (Required Implementation Specification for Periodic Technical and Non-technical Evaluation)
  • Business Associate Contracts and Other Arrangements (Required Implementation Specifications for a Written Contract)

Physical Safeguards

  • Facility Access Controls
  • Workstation Use (Required Implementation Specification for Function and Physical Attributes)
  • Workstation Security (Required Implementation Specification for Physical Safeguards and Access Restrictions)
  • Device and Media Controls (Required Implementation Specifications regarding Methods for Final Disposal of e-PHI and Procedures for Reuse of Electronic Media)

Technical Safeguards

  • Access Controls (Required Implementation Specifications to Assign All System Users a Unique Identifier and to Establish Emergency Access Procedure)
  • Audit Controls (Required Implementation Specification to Record and Examine Activity)
  • Integrity Controls
  • Transmission Controls
  • Person or Entity Authentication (Required Implementation Specification for Authentication Procedures)

With the enactment of HITECH, the HIPAA Enforcement Rule allows Civil Monetary Penalties (CMP) for violations of the Privacy and/or Security Rules. A covered entity could be assessed a fine of up to $1.5M for identical violations in one calendar year even if the covered entity did not know about a violation and if known, the correction must occur in 30 days from discovery or be subject to maximum penalties.

Share this
  • Share on Facebook
  • Share on X
  • Share on LinkedIn
  • Share on Reddit
  • Share by Mail
https://1sthcc.com/wp-content/uploads/2022/10/1sthcc-logo-1024x378.jpg 0 0 First Healthcare Compliance Staff https://1sthcc.com/wp-content/uploads/2022/10/1sthcc-logo-1024x378.jpg First Healthcare Compliance Staff2014-10-16 09:22:552025-04-15 12:58:07Do You Meet the Security Rule Requirements for a Covered Entity?

Subscribe to Weekly eNewsletter

Get the latest healthcare compliance updates straight to your inbox.

Subscribe to Newsletter

Recent Posts

  • Navigating the HIPAA Security Landscape: A Comprehensive Guide to Security Risk Assessments
  • OSHA Recordkeeping in Healthcare: Answers to Frequently Asked Questions
  • Naughty or Nice? The Rules of Giving and Receiving in Healthcare
  • fraud waste abuse healthcare compliance
    FWA in Healthcare: How to Respond Appropriately to Detected Offenses
  • Infographic: 6 Areas of Potential Liability for Healthcare Providers
    6 Areas of Potential Liability for Healthcare Providers
  • 5 Benefits of Automating Incident Reporting in Healthcare

 

First Healthcare Compliance is a division of Panacea Healthcare Solutions. Learn more

Subscribe

Get the latest healthcare compliance updates straight to your inbox.

Subscribe to Newsletter

Connect

Get started: Request Demo

Call: 1-888-54-FIRST

E-mail: Contact us

  • Link to Instagram
  • Link to Youtube
  • Link to Facebook
  • Link to LinkedIn
  • Link to X
© Copyright 2026 Panacea Healthcare Solutions, LLC | Disclaimer | Privacy Policy and Copyright Notice
Scroll to top Scroll to top Scroll to top

We and our third-party partners use cookies to improve and personalize your experience on the site and with our services in addition to delivering and reporting on ads. Please visit our Privacy Statement for more information. By continuing to browse the site, you are agreeing to our use of cookies. Read Privacy Statement.

OKDismiss

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Privacy Policy and Copyright Notice
Accept settingsHide notification only