Chapter 13: Technical Safeguards

Highlights

This chapter enumerates and explains steps for implementing and deploying technical safeguards, based upon the size of constituency (small, medium, large), business constraints, and technical feasibility. Policies, standards, guidelines and procedures, outlined in the project plan and in the risk analysis step, are used to identify and select appropriate technical safeguards to close the gaps and address vulnerabilities.

The chapter's content follows the structure of technical safeguards from the Final Security Rule ( § 164.312 Technical safeguards). While the Privacy Rule also requires technical safeguards, they are based on the foundation created by the Security Rule, and are not separately addressed here.

This chapter looks at the available protection mechanism for each category of safeguards, and provides a number of possible solutions for typical entities. Since this SBS book provides HIPAA- related implementation guidelines, and not a publication on enterprise security in general, and because software and hardware market has a multitude of possible solutions and products, only few most suitable approaches are discussed in details, while alternatives are simply references for completeness. To avoid improper and undesired biases when it comes to commercial products, examples are based on open source or free products, which, at least, should demonstrate the discussed concept. For available commercial products and their comparison, using appropriate vendor-specific literature is recommended in addition to this SBS guide.

A special provision is made for small offices, to help them cope with additional costs imposed by HIPAA. Their needs and peculiarities are discussed in the section 13.9.