Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:Introduction to Health Care and Public Health in the U.S.
Unit:Regulating Health Care
Lecture:Health Insurance Portability and Accountability Act
Slide content:HIPAA Security Rule Requires covered entities to use security measures to protect health information Does not specify which technology must be used Establishes minimum federal standards State laws may require more rigorous safeguards 14
Slide notes:The HIPAA Security Rule sets out administrative, physical, and technical measures that covered entities must have in place to protect electronic health information. The Security Rule does not require the use of any specific technology, so that organizations can use the latest electronic communications and security technologies as they are developed. The law emphasizes that security is an ongoing process rather than a one-time goal . The HIPAA Security Rule establishes certain minimum standards. In some states, state law may require more rigorous safeguards than HIPAA specifies. In these cases, covered entities must follow the more stringent state laws. 14