The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
View the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.
Security Rule History
February 20, 2003 – Security Standards – Final Rule (PDF)
August 12, 1998 – Security and Electronic Signature Standards – Proposed Rule (PDF)
Other Security Rule Notices and Materials
View the NIST Cyber Security Framework to HIPAA Security Rule Crosswalk
View the HHS Security Risk Assessment Tool
View Federal Trade Commission Guidance on Medical Identity Theft: FAQs for Health Care Providers and Health Plans
View the Federal Register notice of the Delegation of Authority (74 FR 38630)
View the Delegation of Authority Press Release
View Guidance on Risk Analysis requirements under the Security Rule
View Security Rule Educational Paper Series and NIST Special Publications
View Federal Trade Commission Guidance on the Security Risks to Electronic Health Information from Peer-to-Peer File Sharing Applications
View Federal Trade Commission Guidance on Safeguarding Electronic Protected Health Information on Digital Copiers