HIPAA established the Security Rule to ensure that all covered entities have implemented safeguards to protect the confidentiality, integrity, and access of PHI.
There are two types of implementation specifications: “required” and “addressable.” Wherever the Security Rule reads “required,” that specification must be implemented; whereas, if it says “addressable,” there is some wiggle room in exactly how you comply with that specific standard.
The HIPAA Security Rule is multifaceted. For a close read, please check out the article in our Support Center article here.