The HIPAA Security Rule is the federal regulation that sets standards for protecting electronic Protected Health Information (ePHI). It defines administrative, physical, and technical safeguards covered entities and business associates must implement.
The three safeguard categories
Administrative: security management, workforce training, access management, contingency planning. Physical: facility access controls, workstation security, device controls. Technical: access control, audit controls, integrity controls, transmission security.
Why this shows up in operations
Every safeguard category translates into a workflow the team has to run. Encryption at rest, encryption in transit, access logs, periodic review of access, incident response. The platform decides whether these are events the team performs or properties of the platform itself.