District of Columbia Department of Health
State Center for Health Statistics Administration
HIPAA Privacy and Security Regulations:
A Synopsis of the Relevant Mandates of
Title II (Administrative Simplification)
What is the Difference between Security and Privacy?
Security—relates to the means (process and technology) by which an entity protects the privacy of health information. The goals of security measures are to keep information secured and to reduce the opportunities for tampering, destruction, or inappropriate access. There are four categories of requirements:
- Administrative Procedures—documented, formal practices to protect data
- Physical Safeguards—protect data from fire, other natural and environmental hazards, and intrusion
- Technical Security Services—protect information and control individual access to information
- Technical Security Mechanisms—guard against unauthorized access to data over a communications network
Privacy—refers to the individual’s right to keep certain information private, unless that information will be used or disclosed with his or her permission. Privacy topics include:
- Scope of Providers who must Comply
- Rights of Individuals
- Consent/Authorization Issues/Procedures/Processes
- Business Associates Requirements
- Organized Health Care Arrangements
Note: there are civil penalties when entities/individuals violate the privacy rule.
Security and privacy are closely intertwined: security assures privacy.