Skip Navigation

Font Size Print Download Reader HHS Home|HHS News|About HHS

Health Information Privacy

Office for Civil Rights

Civil Rights

Health Information Privacy

HIPAA

Understanding HIPAA Privacy

HIPAA Administrative Simplification Statute and Rules

Breach Notification Rule

Other Administrative Simplification Rules

Enforcement Rule

Combined Text of All Rules

Enforcement Activities & Results

How to File a Complaint

Frequently Asked Questions

PSQIA

Understanding PSQIA Confidentiality

PSQIA Statute & Rule

Enforcement Activities & Results

How to File a Complaint

The Security Rule

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.

View the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.

Security Rule History

February 20, 2003 – Security Standards – Final Rule (PDF)

August 12, 1998 – Security and Electronic Signature Standards - Proposed Rule (PDF)

Other Security Rule Notices and Materials

View the Federal Register notice of the Delegation of Authority (74 FR 38630).

View Security Rule Educational Paper Series and NIST Special Publications.