Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

HHS.gov
  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • HIPAA for Individuals
  • Filing a Complaint
  • HIPAA for Professionals
  • Newsroom

Breadcrumb

  1. HHS
  2. HIPAA Home
  3. For Professionals
  4. FAQ
  5. 2017-Does the Security Rule allow you to network computers
  • Authorizations (30)
  • Business Associates (41)
  • Compliance Dates (2)
  • Covered Entities (14)
  • Decedents (9)
  • Disclosures for Law Enforcement Purposes (5)
  • Disclosures for Rule Enforcement (1)
  • Disclosures in Emergency Situations (2)
  • Disclosures Required by Law (6)
  • Disclosures to Family and Friends (28)
  • Disposal of Protected Health Information (6)
  • Facility Directories (7)
  • Family Medical History Information (3)
  • FERPA and HIPAA (10)
  • Group Health Plans (3)
  • Health Information Technology (41)
  • Incidental Uses and Disclosures (10)
  • Judicial and Administrative Proceedings (8)
  • Limited Data Set (6)
  • Marketing (18)
  • Marketing - Refill Reminders (16)
  • Mental Health (35)
  • Minimum Necessary (14)
  • Notice of Privacy Practice (20)
  • Personal Representatives and Minors (12)
  • Preemption of State Law (10)
  • Privacy Rule: General Topics (12)
  • Protected Health Information (2)
  • Public Health Uses and Disclosures (13)
  • Research Uses and Disclosures (20)
  • Right to Access and Research (58)
  • Right to an Accounting of Disclosures (8)
  • Right to File a Complaint (1)
  • Right to Request a Restriction (3)
  • Safeguards (13)
  • Security Rule (24)
  • Smaller Providers and Businesses (145)
  • Student Immunizations (8)
  • Telehealth (11)
  • Transition Provisions (3)
  • Treatment, Payment, and Health Care Operations Disclosures (30)
  • Workers Compensation Disclosures (5)

Does the Security Rule allow you to network computers? In other words, are covered entities allowed to connect two computer systems, either within the covered entity, or between two covered entities or between a covered entity and its business associate(s) so that they can exchange information directly?

Answer:

With regard to networking computers, there is nothing in the Security Rule that prohibits the networking of computers, whether inside the same company, or between two unrelated companies who conduct business together. However, the covered entity must demonstrate that it has evaluated the risks associated with a network connection, and document that it has established all of the safeguards (technical, physical and administrative) that would serve to reasonably protect the information that is exchanged along the network. That will include an assessment of everything from the firewall to the designation and training of the individuals who have access to the data.

Content created by Office for Civil Rights (OCR)
Content last reviewed February 8, 2023
Back to top
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • HHS Archive
  • Accessibility
  • Privacy Policy
  • Viewers & Players
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy

Sign Up for Email Updates

Receive the latest updates from the Secretary, Blogs, and News Releases.

Sign Up
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​