HIPAA Security Rule was completed in 2003 and institutions were required to be in compliance with it by April 2005. Unlike privacy rule, which pertains to all the information that’s protected under HIPAA, security rule is deals with electronically stored information of patients’ health records. There are three main kinds of security rules: Administrative Safeguards – These include the following steps Covered entities must have privacy procedures and a privacy officer. All the procedures must identify the employees who have the access to electronic protected health information (EPHI). This access should be restricted to just those employees who need it to perform their job productively. Authorization, termination establishment and modification must be defined extensively Training to handle PHI must be given to employees who will be performing the administrative functions. Institutes which outsource their processes must ensure that the third-party also complies with HIPAA requirements. All entities must put a ...