Security Rule Guidance Material
In this section, you will find educational materials to help you learn more about the HIPAA Security Rule and other sources of standards for safeguarding electronic protected health information (e-PHI).
Security Rule Educational Paper Series
The HIPAA Security Information Series is a group of educational papers designed to give HIPAA covered entities insight into the Security Rule and to assist with implementation of the security standards.
Security 101 for Covered Entities
Organizational, Policies and Procedures and Documentation Requirements
Basics of Risk Analysis and Risk Management
Security Standards: Implementation for the Small Provider
HIPAA Security Guidance
HHS has developed guidance to assist HIPAA covered entities in complying with the risk analysis requirements of the Security Rule.
HHS has also developed guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to e-PHI.
National Institute of Standards and Technology (NIST) Special Publications
NIST is a federal agency that sets computer security standards for the federal government and publishes reports on topics related to IT security. The following special publications are provided as an informational resource and are not legally binding guidance for covered entities.
NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems
NIST Special Publication 800-52: Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the HIPAA Security Rule
NIST Special Publication 800-77: Guide to IPsec VPNs
NIST Special Publication 800-88: Computer Security
NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices
NIST Special Publication 800-113: Guide to SSL VPNs
Federal Information Processing Standards Publication 140-2