HIPAA Security Rule — General Requirements
Enforced by: HHS OCR (US)
Current as of March 26, 2013
Plain Language Summary
The HIPAA Security Rule requires covered entities to ensure the confidentiality, integrity, and availability of all ePHI. Security measures must be "reasonable and appropriate" based on a risk analysis.
A covered entity or business associate must: ensure the confidentiality, integrity, and availability of all electronic protected health information; protect against any reasonably anticipated threats or hazards to the security or integrity of such information; protect against any reasonably anticipated uses or disclosures of such information that are not permitted; and ensure compliance with this subpart by its workforce.