HIPAA Security Rule

The HIPAA Security Rule sets the standards for protecting electronic protected health information (ePHI). It organizes protections into three categories: administrative safeguards (policies, training, risk analysis), physical safeguards (facility and device controls), and technical safeguards (encryption, access controls, audit logging, automatic logoff).

For a plain-language breakdown of each layer, see HIPAA safeguards explained.