The Security Rule does not require specific technology solutions for providers but HHS does give some general guidance (see Security Standards: Technical Safeguards for more in depth info)

HHS specifically addresses 5 HIPAA technical standards and PCS has grouped our general recommendations for how to address each of these standards:


1. Access control –  the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.  Examples include:

  • Require unique and complex username and passwords for each staff member
  • Use Automatic logoff
  • Use of screen lock when not physically as the workstation
  • Use of encryption and decryption (encrypt any hard drives with patient data)
  • Isolate Wi-Fi off main network (One Wi-Fi for patients and separate secure Wi-Fi for staff)
  • Confirm HIPAA security compliance for any remote access software or use a VPN
  • Establish procedures for obtaining necessary electronic information during an emergency

2.  Audit controls –  Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information

  • Make sure that the EHR systems and router tracks user activity

3. Integrity – Implement policies and procedures to protect electronic protected health

information from improper alteration or destruction

  • Use cloud based backup
  • Keep operating systems updated
  • Keep antivirus updated
  • Implement access controls to limit staff use of internet

4. Person or Entity Authentication – Implement procedures to verify that a person or entity seeking access to electronic information is who they claim to be

  • Make sure workstations and servers require pins or passwords to access

5. Transmission Security – Implement technical security measures to guard against unauthorized access to electronic information that is being transmitted over an electronic communications network

  • Make sure and data transmitted is secure (secure email, secure patient portals)