safeguards, security (HIPAA)
Rule divides its protections into three "safeguard"
categories: technical (discussed here), administrative
Each safeguard category includes various standards
and implementation specifications.
defines technical safeguards as "the technology and the
policy and procedures for its use that protect electronic
protected health information
[PHI] and control access to it." Earlier versions
of the Rule further divided the category into "technical
security mechanisms" and "technical security services."
The technical safeguards
standards and specifications are presented in the matrix below.
(For more information on a particular standard, follow the
link in the left column.) Note
that the listing is very generic, reflecting the regulation's
aims of "technology neutrality" and "scalability."
access procedure (r)
and decryption (a)
to authenticate electronic PHI (a)
or entity authentication
A to Subpart C of Part 164