HIPAA, or the Health Insurance Portability and Accountability Act, is a law created in 1996 to protect private health information that can be created, received, maintained, or transmitted (Secretary & (OCR), 2013). To protect a person’s electronic private health information (ePHI), certain safeguards are put into place. These are the administrative, physical, and technical safeguards that CEs and BAs must utilize to secure ePHI. Ensuring that there are policies and procedures in place, installing physical barriers, and having the technology needed are essential to securing ePHI. Information system components that are needed to protect the confidentiality and integrity of ePHI can include health information system resources, data management, data sources, dissemination, etc. Keeping up to date on the latest security incidents, consistently updating software, ensuring compliance, and other simple controls can be implemented to safeguard ePHI.
Secretary, H., & (OCR), O. (2013, July 26). Summary of the HIPAA Security Rule. Retrieved November 27, 2020, from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html