Covered Entity Compliance
All covered entities have been subject to the HIPAA Security Rule (as of April 20, 2005), except for certain small health plans, which were required to comply no later than April 20, 2006. The provisions of the Security Rule apply to electronic protected health information (EPHI).
The HIPAA Security Rule requires:
- Confidentiality - EPHI is accessible only by authorized people and processes
- Integrity - EPHI is not altered or destroyed in an unauthorized manner
- Availability - EPHI can be accessed as needed by an authorized person...