The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the
provisions in the HIPAA Security Rule.1 (45 C.F.R. §§ 164.302 – 318.) This series of
guidances will assist organizations2 in identifying and implementing the most effective
and appropriate administrative, physical, and technical safeguards to secure electronic
protected health information (e-PHI). The guidance materials will be developed with
input from stakeholders and the public, and will be updated as appropriate.
The material in these guides and tools was developed from the experiences of Regional Extension Center staff in the performance of technical support and EHR implementation assistance to primary care providers. The information contained in this guide is not intended to serve as legal advice nor should it substitute for legal counsel. The guide is not exhaustive, and readers are encouraged to seek additional detailed technical guidance to supplement the information contained herein.
Reference in this web site to any specific resources, tools, products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U.S. Government or the U.S. Department of Health and Human Services.