Access Control

A provider must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI). 

Audit Controls

A provider must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI. 

Integrity Controls

A provider must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed. 

Transmission Security

 A provider must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.