As with the Privacy Rule, the Security Rule is also an important provision that data centers should be compliant with.
Security Rule: The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It essentially identifies the three types of security safeguards required for compliance:
EMR: Regarding Electronic Medical Records, the HIPAA Privacy Rule and Security Rule provisions essentially account for the safekeeping of EMR’s. Thus, a HIPAA | EMR audit conducted in accordance with the HIPAA Privacy Rule and Security rule would test the safeguards of EMR’s, essentially including them in the scope of the audit.
And with the growth of data centers, co-location facilities, and other managed services entities, being compliant with HIPAA would be a smart move. Any organization that is physically housed in any data center would arguably require that very data center to be HIPAA compliant. Find a competent, well-skilled HIPAA auditor to assist you in this endeavor.