The Health Insurance Portability and Accountability Act (HIPAA) Security Rule
The HIPAA Security Program is driven by standards for the security of electronic protected health information to be implemented by covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA Security Rule, 45 CFR Parts 160 and 164. The Department of Defense (DoD) has implemented the HIPAA Security Rule under DoD 8580.02-R, DoD Health Information Security Regulation, July 12, 2007.
The HIPAA Security Program aims to ensure that covered entities that "collect, maintain, use or transmit" electronic protected health information (ePHI) implement "reasonable and appropriate administrative, physical and technical safeguards" that ensure integrity, availability and confidentiality. Such measures, notably in the form of policies and procedures, must provide protection against "any reasonably anticipated threats or hazards," ensure that the information is used and disclosed only as permitted by the Privacy Rule, and ensure that the covered entity's workforce complies with the Security Rule.