Skip to main content
U.S. flag

An official website of the United States government

Return to Search

FAQ 2000 Why is the HIPAA Security Rule needed and what is the purpose of the security standards?

This guidance explains that the purpose of the Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity, and availability of electronic protected health information.

Final

Issued by: Office for Civil Rights (OCR)

Why is the HIPAA Security Rule needed and what is the purpose of the security standards?

Answer:

In enacting HIPAA, Congress mandated the establishment of Federal standards for the security of electronic protected health information (e-PHI). The purpose of the Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. Standards for security are needed because there is a growth in the exchange of protected health information between covered entities as well as non-covered entities. The standards mandated in the Security Rule protect an individual's health information, while permitting the appropriate access and use of that information by health care providers, clearinghouses, and health plans. The Security Rule establishes a Federal floor of standards to ensure the availability, confidentiality and integrity of e-PHI. State laws which provide more stringent standards will continue to apply over and above the new Federal security standards.

Health care providers, health plans and their business associates have a strong tradition of safeguarding private health information. However, in today’s world, the old system of paper records in locked filing cabinets is not enough. With information broadly held and transmitted electronically, the Rule provides clear standards for the protection of e-PHI.


Content created by Office for Civil Rights (OCR)
Content last reviewed on July 26, 2013

HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.

DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.