THE RELATIONSHIP BETWEEN HIPAA SECURITY AND ECOMMERCE
HIPAA Security Rules
The Security Rule applies to health plans, healthcare centers, and any healthcare provider who transmits
health information in electronic form in connection with a business for which the Secretary of HHS has
approved standards under HIPAA, and to their business associates. The HIPAA Privacy Rule protects the privacy of
individually identifiable health information, known as protected health information (PHI), as described in the
Privacy Rule. The Security Rule protects a subset of the information covered by the Privacy Rule: all
individually identifiable health information that a covered entity creates, receives, maintains, or transmits
in electronic form (e-PHI).
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and
physical safeguards for securing e-PHI. Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI which they create, collect, maintain or
- Protect against reasonably anticipated, unauthorized uses or disclosures of sensitive data
- Identify and protect against reasonably anticipated threats to the security or integrity of the
- Ensure compliance by their workforce
Under the Security Rule, "confidentiality" means that e-PHI is not made available or disclosed to unauthorized
persons. The confidentiality requirements of the Security Rule support the Privacy Rule's prohibitions against
improper uses and disclosures of PHI. The Security Rule also promotes two further goals: maintaining the
integrity and availability of e-PHI. "Integrity" under the Security Rule means that e-PHI is not altered
or destroyed in an unauthorized manner. "Availability" under the Security Rule means that e-PHI is accessible and
usable on demand by an authorized person.
HHS recognizes that covered entities range from the smallest provider to the most extensive multi-state health
plan. This is why the Security Rule is flexible and scalable, allowing covered entities to evaluate their own
needs and implement solutions suitable for their specific settings.