Security Rule Guidance Material
In this section, you will find educational materials to help you learn more about the HIPAA Security Rule and other sources of standards for safeguarding electronic protected health information (e-PHI).
Security Risks to Electronic Health Information from Peer-to-Peer File Sharing Applications-The Federal Trade Commission (FTC) has developed a guide to Peer-to-Peer (P2P) security issues for businesses that collect and store sensitive information.
Safeguarding Electronic Protected Health Information on Digital Copiers-The Federal Trade Commission (FTC) has tips on how to safeguard sensitive data stored on the hard drives of digital copiers.
Security Rule Educational Paper Series
The HIPAA Security Information Series is a group of educational papers which are designed to give HIPAA covered entities insight into the Security Rule and assistance with implementation of the security standards.
HIPAA Security Guidance
HHS has developed guidance to assist HIPAA covered entities in complying with the risk analysis requirements of the Security Rule.
HHS has also developed guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to e-PHI.
HHS has gathered tips and information to help you protect and secure health information patients entrust to you when using mobile devices.
HHS has developed guidance to help covered entities and business associates better understand and respond to the threat of ransomware.
National Institute of Standards and Technology (NIST) Special Publications
NIST is a federal agency that sets computer security standards for the federal government and publishes reports on topics related to IT security. The following special publications are provided as an informational resource and are not legally binding guidance for covered entities.
OCR Cyber Awareness Newsletters
The Office for Civil Rights issues periodic newsletters to assist the regulated community to become more knowledgeable about the various security threats and vulnerabilities that currently exist in the healthcare sector, to understand what security measures can be taken to decrease the possibility of being exposed by these threats; and how to reduce breaches of ePHI.
Guidance on HIPAA Risk Analysis
The Office for Civil Rights (OCR) provides a series of useful guidance documents and tools to assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information.