The scope of HIPAA Security Rules

The HIPAA Security Rule deals with health information that is maintained or transmitted electronically. The rule emphasizes the security framework for entities that deal with medically sensitive information. As such, it applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”).

According to the Security Rule, all HIPAA entities must provide a security plan with safeguards in the following areas:

Administrative safeguards: Under the HIPAA Security Rule, a covered entity must identify and analyze potential risks to e-PHI, and it must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. It should also designate a security official who is responsible for developing and implementing its security policies and procedures.

Physical safeguards: A covered entity must limit physical access to its facilities while ensuring that authorized access is allowed.

Technical safeguards: A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).

The HIPAA Security Rule is especially applicable to HIPAA-compliant web designers and web-hosting providers. HIPAA entities looking for secure solutions must make sure that whatever solutions they implement comply with the security specifications defined in the rule.