HIPAA’s security standards rule mandates national standards for how an organization such as a health plan handles and stores PHI. HIPAA dictates that Network Health take the following actions to secure PHI:

• Physical safeguards to guard data integrity, confidentiality, and availability — to ensure the protection of computer systems and related physical structures in which these systems are housed from fire, other natural and environmental hazards, and intrusion. These safeguards also include using locks, keys, and administrative measures to control access to computer systems and facilities.
• Technical security services to guard data integrity, confidentiality, and availability — to protect, control, and monitor information access.
• Technical security mechanisms to guard against unauthorized access to data that is transmitted over a communications network — to protect health information electronically transmitted over open networks against interception or interpretation by parties other than the intended recipient. These mechanisms are also intended to protect information systems from intruders who attempt to gain access through external communication points.
• Administrative procedures to guard data integrity, confidentiality, and availability — to provide structure within the organization for the development and implementation of the information security program.