The HIPAA Security Rules consist of three sets of standards published by the Department of Health & Human Services (HHS): the administrative, technical and physical safeguards that have to be implemented where appropriate to ensure the confidentiality, integrity and security of electronic PHI in transit and at rest. Although the standards have remained the same since their publication in 2003, updates to the Rules in the HITECH Act of 2009 and the Final Omnibus Rule of 2013 affect who they apply to and the penalties for non-compliance.
The administrative, technical and physical safeguards were developed to help Covered Entities identify and protect against reasonably anticipated threats and impermissible disclosures of electronic PHI (ePHI). To achieve these objectives, each Covered Entity has to assess its current security mechanisms, policies and procedures and compile a risk analysis that prioritizes potential vulnerabilities so that any weaknesses can be addressed.
Learn more about HIPAA security rules: https://www.hipaaguide.net/hipaa-security-rules/
More info here:
https://www.hipaaguide.net/hipaa-compliant-texting/
https://www.hipaaguide.net/hipaa-risk-assessment/