Regulations & Laws
HIPAA Security Rule
The HIPAA regulation that requires administrative, physical, and technical safeguards for electronic protected health information (ePHI). Codified at 45 CFR Part 164 Subpart C.
In depth
The Security Rule organizes safeguards into administrative (risk analysis, workforce training, sanctions), physical (facility access, device and media controls), and technical (access controls, audit logs, encryption, integrity, transmission security) categories. Its cornerstone is a documented, periodically updated Security Risk Assessment that identifies risks to ePHI and the measures taken to reduce them. Many requirements are “addressable,” meaning the pharmacy must implement them or document why an equivalent measure is reasonable.