Skip Navigation

Security Rule Guidance Material

In this section, you will find educational materials to help you learn more about the HIPAA Security Rule and other sources of standards for safeguarding electronic protected health information (e-PHI).  

Security Rule Educational Paper Series 

The HIPAA Security Information Series is a group of educational papers which are designed to give HIPAA covered entities insight into the Security Rule and assistance with implementation of the security standards.  

Security 101 for Covered Entities

Administrative Safeguards 

Physical Safeguards 

Technical Safeguards 

Organizational, Policies and Procedures and Documentation Requirements

Basics of Risk Analysis and Risk Management 

Security Standards: Implementation for the Small Provider 

HIPAA Security Guidance

HHS has developed guidance to assist HIPAA covered entities in complying with the risk analysis requirements of the Security Rule.

Risk Analysis

HHS has also developed guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to e-PHI.

Remote Use

National Institute of Standards and Technology (NIST) Special Publications

NIST is a federal agency that sets computer security standards for the federal government and publishes reports on topics related to IT security. The following special publications are provided as an informational resource and are not legally binding guidance for covered entities.

NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems

NIST Special Publication 800-52: Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations

NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the HIPAA Security Rule

NIST Special Publication 800-77: Guide to IPsec VPNs

NIST Special Publication 800-88: Computer Security

NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices

NIST Special Publication 800-113: Guide to SSL VPNs

Federal Information Processing Standards Publication 140-2