This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Integrity Policy

Reference: 164.312(c)
Last Updated: May 19, 2024


Data integrity is the ability to confirm that data has not been altered or destroyed in an unauthorized manner. The purpose of this policy is to outline policies and procedures for protecting electronic Protected Health Information(ePHI) from improper alteration or destruction relative to the HIPAA Security Regulations.



  1. Policies and procedures to protect ePHI from improper alteration or destruction and to keep ePHI consistent with its source have been created and will be reviewed on an ongoing basis.
  2. Team members shall be briefed on these procedures and actions to take when applicable.
  3. Electronic mechanisms have been implemented to confirm that ePHI has not been altered or destroyed in an unauthorized manner. Technical controls to use include:
    1. Firewalls;
    2. Encryption;
    3. Password protection and other authentication devices; and
    4. Anti-virus software.
  4. The Security Manager or its designated person shall be responsible for maintaining internal controls to protect ePHI from improper alteration or destruction and to keep it consistent with its source.
  5. Recommendations regarding the preferred combination of technical solutions, processes, and procedures may be made by any team member. However, it is up to the management team to decide upon implementation or changes.
  6. The Security Officer or its designated representative must perform routine monitoring of the systems multiple times throughout the year.
    1. Database integrity - integrity checking and data recovery features which must be built into the database application;
    2. Procedure integrity - based on the level of risk it may be necessary to provide additional reliability in the form of redundant systems, duplicate power supplies, appropriate power conditioning and cooling systems.
  7. Regular preventive maintenance must be performed in all systems to protect against alteration or modification.
  8. Current systems, or potential systems, must be examined to determine if they can provide tools for protection against intrusion or data alteration without authorization and some form to verify the integrity of the data. If these systems do not have these capabilities the same should be upgraded or replaced.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram