
2 min read

What are administrative, physical and technical safeguards?

Administrative, physical and technical safeguards are the three categories of protection the HIPAA Security Rule requires of covered entities and business associates for electronic protected health information (ePHI). Together they form a layered defense: no single control is relied on to prevent unauthorized access, disclosure, alteration or destruction of PHI, so the failure of one safeguard (a stolen password, a propped-open door) is caught by another.

Related: A guide to HIPAA's rules

 

Administrative Safeguards

What are administrative safeguards?

Administrative safeguards are the policies, procedures and management actions an organization uses to select, implement and maintain its security measures and to govern how its workforce handles PHI. They are the "people and process" layer: they decide who is responsible for security, how risk is assessed, and how staff are trained and held accountable, and in doing so they support the confidentiality, integrity and availability of data.

 

Examples of administrative safeguards

  • Designated security officers
  • Security risk management
  • Security incident response
  • Employee background checks
  • Password policies
  • Data classification and handling

 

Implementation

  1. Develop and enforce security policies and procedures.
  2. Designate a security officer or team responsible for security oversight.
  3. Conduct regular risk assessments to identify vulnerabilities and risks.
  4. Train employees on security awareness and their roles in safeguarding information.
  5. Implement access controls and user management processes.
  6. Establish incident response and business continuity plans.
  7. Conduct regular audits and reviews of security controls.
  8. Monitor and manage third-party vendors and business associates.
  9. Document each security incident, the response taken and its outcome.
  10. Regularly review and update security policies and procedures.

Physical Safeguards

What are physical safeguards?

Physical safeguards are the measures that protect an organization's physical infrastructure and assets, including the facilities, equipment and storage areas where sensitive information is stored or processed. They prevent unauthorized access, theft, damage or loss of physical assets that could compromise the security of data; a technical control such as disk encryption matters little if an unlocked server room lets someone walk out with the running machine.

 

Examples of physical safeguards

  • Perimeter Security
  • Visitor Management
  • Alarm Systems and Intrusion Detection
  • Secure Storage for Equipment
  • Fire Suppression Systems
  • Physical Barriers for Data Cables

 

Implementation

  1. Control physical access to facilities and sensitive areas.
  2. Implement secure facility design and environmental controls.
  3. Utilize video surveillance and monitoring systems.
  4. Implement secure storage for physical media and equipment.
  5. Manage and track the disposal of sensitive information and equipment.
  6. Restrict access to server rooms and network infrastructure.
  7. Implement procedures for managing visitors and unauthorized individuals.
  8. Conduct background checks for employees with physical access.

 

Technical Safeguards

What are technical safeguards?

Technical safeguards are technology-based measures that control access to electronic information, encrypt data, monitor activity, prevent unauthorized changes and support the response to security incidents. They enforce, in software and hardware, the rules that the administrative safeguards define.

 

Examples of technical safeguards

  • Firewalls
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
  • Data Encryption
  • Access Control Systems
  • Secure Authentication
  • Data Loss Prevention (DLP)

 

Implementation

  1. Implement access controls that limit ePHI access to authorized users, with a unique identifier for each user.
  2. Require secure authentication before granting access (strong passwords and, where available, multi-factor authentication).
  3. Encrypt ePHI at rest and in transit.
  4. Deploy firewalls and intrusion detection and prevention systems (IDS/IPS) at network boundaries.
  5. Enable audit logging and monitor activity on systems that store or transmit ePHI.
  6. Protect data integrity by preventing and detecting unauthorized changes to ePHI.
  7. Use data loss prevention (DLP) to stop ePHI leaving the environment through unapproved channels.
  8. Make use of HIPAA compliant communication like HIPAA compliant email.
  9. Define technical procedures for containing and responding to security incidents.

Applying safeguards in organizations of different sizes

Small Organizations

  • Limited resources and budgets mean essential safeguards are prioritized first.
  • Simplified security policies and procedures due to smaller operations.
  • Reliance on outsourced services for technical safeguards and data storage.

 

Medium-Sized Organizations

  • Increased complexity with diverse systems and larger employee populations.
  • Dedicated security roles or teams responsible for safeguard implementation.
  • Flexibility to adopt more advanced technical safeguards tailored to their needs.

 

Large Organizations

  • Distributed operations requiring consistent safeguard implementation across locations.
  • Comprehensive security policies and procedures addressing complex operations.
  • Advanced technologies such as security information and event management (SIEM), IDS and security operations centers (SOCs) for enhanced security.

Related: What is the HIPAA Security Rule?
