Skip to Content

HIPAA - Integrity Controls 164.312(e)(2)(i)

485  Matthew Burdick September 29, 2022  Technical Safeguards

Overview:
Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.


Action Items:
1) Obtain and review policies and procedures related to transmission security measures. Evaluate content relative to the specified criteria to determine that the security measures are implemented to ensure that electronically transmitted EPHI cannot be improperly modified without detection. Elements to review may include but are not limited to: The security measures in place to ensure that electronically transmitted ePHI has not been improperly modified without detection; How to detect if transmitted ePHI has been improperly modified
2) Obtain and review documentation demonstrating the implementation of security measures to protect electronic transmissions of EPHI. Evaluate the content to determine if the implemented security measures ensure that electronically transmitted PHI cannot be improperly modified without detection.


Related Documents:
1) Policies and procedures related to transmission security measures.
2) Documentation demonstrating the implementation of security measures to protect electronic transmissions of ePHI.


Additional Guidance:
Protecting the integrity of EPHI maintained in information systems was discussed previously in the Integrity standard. Integrity in this context is focused on making sure the EPHI is not improperly modified during transmission. A primary method for protecting the integrity of EPHI being transmitted is through the use of network communications protocols. In general, these protocols, among other things, ensure that the data sent is the same as the data received. There are other security measures that can provide integrity controls for EPHI being transmitted over an electronic communications network, such as data or message authentication codes, that a covered entity may want to consider.


Sample questions for covered entities to consider:
- What security measures are currently used to protect EPHI during transmission?
- Has the risk analysis identified scenarios that may result in modification to EPHI by unauthorized sources during transmission?
- What security measures can be implemented to protect EPHI in transmission from unauthorized access?
Not Rated
Secure Code