The Security Rule
The Final Rule on Security Standards was issued on February 20, 2003. It took effect on April 21, 2003 with a compliance date of April 21, 2005 for most covered entities and April 21, 2006 for "small plans". The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications. Some privacy advocates have argued that this "flexibility" may provide too much latitude to covered entities. [26] The standards and specifications are as follows: Administrative Safeguards Physical Safeguards Technical Safeguards
Alternate answers seen on other CBTs
The same question shows up worded slightly differently across CBT versions. Here are the other answer variants we've indexed.
• The Security Rule establishes national standards to protect certain health information that is held or transferred in electronic form. • The Security Rule requires appropriate safeguards to ensure the confidentiality, integrity, and security of electronic Protected Health Information (PHI). • The U.S. Office of Civil Rights, in conjunction with the federal Department of Justice, is responsible for enforcing this rule and imposing criminal penalties of imprisonment and fines for HIPAA violations involving PHI.
According To The Hipaa Privacy Rule Protected Health Information Includes →