NRPM: Standards for Privacy of Individually Identifiable Health Information. 7. Safeguards. (§164.518(c))


A covered entity would have to establish administrative, technical, and physical safeguards to protect the privacy of protected health information from unauthorized access or use. For a small provider, this may mean having the ability to securely lock up any record that are not being used and ensuring that records are not kept in an area where anyone who is not authorized could view them.