Electronic Protected Health Information
The HIPAA Privacy Rule protects the privacy of your health information, known as protected health information (PHI).
The Security Rule safeguards electronic protected health information (e-PHI), which is all individually identifiable health information that a covered entity creates, receives, maintains, or transmits electronically. The Security Rule does not apply to PHI transmitted orally or in writing.
General Rules
Covered entities are required by the Security Rule to maintain reasonable and appropriate administrative, technical, and physical safeguards to protect e-PHI.
Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit.
- Identify and protect against reasonably anticipated threats to the security or integrity of the information.
- Protect against reasonably anticipated, impermissible uses or disclosures.
- Ensure compliance by their workforce.
The Security Rule defines "confidentiality" as ensuring that e-PHI is not available or disclosed to unauthorized individuals. This confidentiality aligns with the Privacy Rule's prohibitions against the improper use and disclosure of PHI.
The next section has a scenario about disclosing information to others inappropriately.
Knowledge Check
Choose the best answer for the question.
3-3. What must covered entities maintain using reasonable and appropriate administrative, technical, and physical safeguards?