# Security & Compliance (HIPAA)

## **HIPAA (The Health Insurance Portability and Accountability Act)**

HIPAA required the development of regulations protecting the privacy and security of certain health information.  
**Electronic Protected Health Information (ePHI).** The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI).

**Rules —**

1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.
    
2. Identify and protect against reasonably anticipated threats to the security or integrity of the information.
    
3. **Examples of information that qualify as PHI include:**  
    name, address, any dates (except years) that are directly related to an individual, telephone number, fax number, email address, Social Security number, medical record number, health plan beneficiary number.
    

**Technical Safeguards**

* **Access Controls:** Implementing technical policies and procedures that allow only authorized persons to access ePHI.
    
* **Audit Controls:** Implementing hardware, software, and/or procedural mechanisms to *record and examine access* in *information systems* that *contain or use* ePHI.
    
* **Integrity Controls:** Implementing policies and procedures to ensure that ePHI *has not been*, and *will not be*, improperly altered or destroyed.
    
* **Transmission Security:** Implementing technical security measures that guard against unauthorized access to ePHI that is transmitted over an electronic network.
