physical safeguards, security (HIPAA)

HIPAA's Security Rule divides its protections into three "safeguard" categories: physical (discussed here), administrative and technical. Each safeguard category includes various standards and implementation specifications.

The Rule defines physical safeguards as "physical measures, policies and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."

The physical safeguards standards and their implementation specifications are listed in the table below, with the CFR section that defines each standard.

Standard                     CFR section      Implementation specification
                                              (r) = required; (a) = addressable

facility access controls     164.310(a)(1)    contingency operations (a)
                                              facility security plan (a)
                                              access control and validation procedures (a)
                                              maintenance records (a)
workstation use              164.310(b)       (r)
workstation security         164.310(c)       (r)
device and media controls    164.310(d)(1)    disposal (r)
                                              media re-use (r)
                                              accountability (a)
                                              data backup and storage (a)

Source: Appendix A to Subpart C of Part 164


   © 2002-2006 Contributing authors and University of Miami School of Medicine