HIPAA Physical Security

HIPAA Physical Security


Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

HIPAA Physical Security Guidance

Under HIPAA regulation, security safeguards are an important part of keeping your behavioral health business safe. Recently, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released new guidance reinforcing the importance of HIPAA Physical Security safeguards for health care professionals across the country.

But how can behavioral health professionals adequately address their HIPAA physical security standards while maintaining and growing their business?

Understanding HIPAA Security

Under the HIPAA Security Rule, health care professionals are required to address regulatory standards meant to safeguard the use and transmission of protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include a patient’s name, date of birth, telephone number, email address, Social Security number, medical record, and full facial photo, to name a few.

The HIPAA Security Rule identifies three different kinds of safeguards that must be addressed to ensure the confidentiality, integrity, and availability of PHI. These safeguards include:

  • Technical Safeguards to protect electronic use and transmission of data
  • Physical Safeguards to protect premises where PHI is stored
  • Administrative Safeguards to ensure that members of the workforce are properly trained to implement all security standards

HHS Reinforces HIPAA Physical Security

HHS released new guidance to reinforce the importance of HIPAA Physical Security safeguards for health care providers. Physical Security safeguards are an often overlooked component of the regulation that can have a huge impact on maintaining the safety of patient information.

Headlines detailing cyber-security incidents and ransomware or malware incidents are becoming more and more popular. And because of the threat to PHI maintained in a digital format, it makes sense that health care providers are focusing on cyber-security measures. However, this new HHS physical security guidance underscores the importance of having protections in place as well.

Although PHI is being maintained in an increasingly digital fashion with electronic health records (EHR) platforms, those platforms maintaining that data are ultimately operated through physical servers. Those servers may be stored off-site at a third-party data hub, or on a smaller scale within a health care provider’s physical office.

In either case, HIPAA regulation mandates that health care professionals implement HIPAA physical security safeguards to protect these servers–or any devices–that maintain PHI. Even laptops or computer systems that can access PHI must be physically secured to prevent theft and ultimate data loss.

Implementing HIPAA Physical Security safeguards is an essential component of creating an effective compliance program to protect your practice against data breaches and HIPAA fines.

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x