The Security Rule

Standards for the Security of Electronic Healthcare Information

Restricting Improper Access

 

The Security Rule was designed to protect the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI). United States HIPAA security requirements establish the standards that Covered Entities (healthcare providers, health plans, healthcare clearinghouses) must follow to develop and maintain the security of all ePHI.

 

What is Required?

 

To comply, Covered Entities must:

 

  • Ensure the confidentiality, integrity, and availability of all ePHI that the Covered Entity creates, receives, maintains, or transmits.
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  • Ensure workforce compliance.

 

How is this Achieved?

 

To meet these requirements, a Covered Entity must implement administrative, physical, and technical security standards. Implementation specifications are categorized as being required or addressable.

 

  • Required - The implementation of these specifications is mandatory.
  • Addressable - Covered Entities will need to do one of the following:
    • Implement one or more of the addressable implementation specifications.
    • Implement one or more alternate security measures.
    • Implement a combination of addressable and alternate measures.
    • Decide not to implement either an addressable implementation specification or an alternate security measure. (If an addressable specification is not reasonable and appropriate, the entity must either implement an equivalent measure or, if the standard can be met another way, choose not to implement the specification or any equivalent specification. The Covered Entity must document the reasons for its choice.)

 

To better understand the security standards, please refer to the accompanying Security Standards Matrix.

 

The Philips Focus

 

Philips Healthcare has a comprehensive, partnership-oriented approach to product security, helping our customers with prevention, response, and compliance issues. Technical safeguards are available on many Philips Healthcare products today, including:

 

  • Access control - features to restrict access to privileged entities.
  • Audit controls - mechanisms to record and examine system activity to identify suspicious data access activity.
  • Authentication - an electronic mechanism to corroborate that electronic information has not been altered or destroyed in an unauthorized manner (integrity).
  • Encryption - implementation features include integrity controls, message authentication, access control or encryption, network alarms, audit trails, entity authentication, and event reporting.

 

Philips continues to approach product engineering with our customers’ security concerns as a top priority. We have implemented security feature requirements into our product design and development process, and seek continued input from our customers as we work to provide innovative solutions to address the evolving nature of security in healthcare delivery.

 


 

©2004- Koninklijke Philips Electronics N.V. All rights reserved.