What are the Security Rule Key Terms and Definitions?

Modified on Wed, 23 Jul at 5:19 PM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website does not, and is not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

Introduction


The Security Rule defines a number of security concepts that appear throughout the text of the rule. These concepts and their definitions are listed below. The definitions can be found at 45 CFR 164.304. For selected definitions, the rules in which the definition is mentioned are cited below.

Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. (This definition applies to “access” as used in the Security Rule, not as used in the Breach Notification Rule or as used in the Privacy Rule.)  


Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's or business associate's workforce in relation to the protection of that information.  (45 CFR 164.308).


Authentication means the corroboration that a person is the one claimed.  (45 CFR 164.312(d)).


Availability means the property that data or information is accessible and useable upon demand by an authorized person. (45 CFR 164.306).


Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.  (45 CFR 164.306).


Encryption means the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.  (45 CFR 164.312).


Facility means the physical premises and the interior and exterior of a building(s).  (45 CFR 164.310). 


Information system means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. (45 CFR 164.308(a)(1)).


Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner. (45 CFR 164.312(c)).


Malicious software means software, for example, a virus, designed to damage or disrupt a system. (45 CFR 164.308(a)(5)).


Password means confidential authentication information composed of a string of characters. (45 CFR 164.308(a)(5)).


Physical safeguards are physical measures, policies, and procedures to protect a covered entity's or business associate's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion. (45 CFR 164.310).


Security or Security measures encompass all of the administrative, physical, and technical safeguards in an information system. 


Security incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. (45 CFR 164.308(a)(6)).


Technical safeguards means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it. (45 CFR 164.312).


User means a person or entity with authorized access. 


Workstation means an electronic computing device, for example, a laptop or desktop computer, or any other device that performs similar functions, and electronic media stored in its immediate environment. (45 CFR 164.310).
