The Health Insurance Portability and Accountability Act (HIPAA) Security Rule was created to ensure that doctors and other covered entities have implemented the appropriate safeguards to protect the confidentiality, integrity and availability of Electronic Protected Health Information (EPHI). As more and more covered entities exchange EPHI via electronic mediums, there’s a growing need for the Security Rule’s standards. But if you’re a covered entity, you may have some questions about the Security Rule’s physical safeguards.
The Security Rule requires covered entities to implement technical, administrative and physical safeguards to protect EPHI from unauthorized use and access. Technical safeguards consist of digital measures to protect the confidentiality of EPHI, including the use of strong passwords, unique user identifications, firewalls, encryption, network monitoring services, etc. Administrative safeguards, on the other hand, consist of policies and procedures which are intended to protect the confidentiality of EPHI.
Now that you know the basic definitions of technical safeguards and administrative safeguards, you might be wondering about physical safeguards. The Department of Health and Human Services (HHS) further explains on its website, saying that physical safeguards are “...physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.”
It’s easy to overlook the implementation of physical safeguards, simply because the Security Rule pertains strictly to EPHI. But even EPHI should be protected with the appropriate physical safeguards. Failure to include them in your practice places patients’ personal information at risk of disclosure while also placing your practice at risk for HIPAA fines and corrective action.
The standards listed in the HIPAA Security Rule’s physical safeguards consist of facility access controls, workstation use, workstation security, and device and media controls.
Common examples of physical safeguards include the following:
- Locked doors
- Perimeter gates
- Video surveillance
- Patient identification verification
- Documentation of changes, removals and repairs to the device housing your EPHI
To recap, physical safeguards are an element of the HIPAA Security Rule that involves the use of tangible measures to prevent the unauthorized use or disclosure of EPHI. While the Privacy Rule covers all forms of Protected Health Information (PHI), the Security Rule focuses strictly on EPHI. It was created as a result of the growing use of electronic platforms that covered entities use to store and transmit EPHI.
To learn more about HIPAA compliance, contact us today. HOA.com offers secure cloud computing services for covered entities big and small.