A provider must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).
A provider must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
A provider must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
A provider must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.