HIPAA compliance basics: Confidentiality, integrity, and availability

September 27th, 2020

Few organizations hold information as sensitive as those in healthcare. With the Health Insurance Portability and Accountability Act (HIPAA) regulations in place, businesses with protected health information (PHI) can ensure their data stays private, secure, and available to those with permitted access.

The HIPAA Security Rule establishes the administrative, physical, and technical security measures one must have in place to comply with HIPAA regulations. By addressing these safeguards, a business can maintain the HIPAA CIA (confidentiality, integrity, and availability) of its PHI. This is also known as the “CIA triad”.

We dive into the basics of these measures and the HIPAA CIA triad below, and how Healthy IT can assist with upgrading your security.

Breaking down the CIA triad

As mentioned, confidentiality, integrity, and availability are key players of HIPAA compliance. Successfully addressing these areas is a crucial indicator of one’s ability to comply with industry regulations, but what does each component entail?


Confidentiality refers to protecting the privacy of PHI, ensuring this information is inaccessible to anyone who is unauthorized or lacks permission. It is highly recommended that those allowed to access PHI undergo cybersecurity awareness training, so that they understand the potential security risks.

When ensuring the confidentiality of PHI, businesses must have the appropriate technical, physical, and administrative safeguards in place, as outlined by the HIPAA Security Rule.


Maintaining the integrity of PHI is the act of maintaining its original quality and state, ensuring such data is not altered, manipulated, or destroyed by unauthorized users throughout its life cycle. Achieving this means adhering to the administrative and technical safeguards outlined by the HIPAA Security Rule.

Businesses must have quality, trusted security systems in place to closely monitor any changes, authorized or otherwise, made to PHI.


Finally, availability refers to an organization’s ability to keep its hardware and software systems intact and to make sure PHI is easily accessible to those authorized to access it. Achieving this involves implementing the proper technical and physical safeguards.

Using encryption software and having effective backup procedures are just a few basic security practices for keeping PHI intact. This guarantees such information stays readily available and unaltered in case of a security breach.

What are technical, administrative, and physical safeguards?

Now that we’ve broken down the core components of HIPAA compliance, let’s explore what technical, administrative, and physical safeguards entail.

Technical safeguards

Technical safeguards refer to the software and hardware systems in place to maintain network and data security. Antivirus programs, encryption, firewalls, and other common digital measures all fall under this category, effectively reducing the risk and damage of a cybersecurity breach.

Physical safeguards

In contrast to technical safeguards, physical safeguards refer to the on-site measures a business takes to protect its PHI. This includes protection of the physical infrastructure, devices, and equipment containing sensitive information, which typically involves physical locks or an installed security system to alert staff members of a break-in.

Administrative safeguards

Administrative security involves the internal policies and training implemented to secure an organization’s PHI. This includes maintaining employee awareness of cybersecurity and having documented procedures or regulations in place to ensure data protection. Staff members can then follow these guidelines to maintain PHI security and mitigate the risk of human error.

Building your knowledge of HIPAA regulations is critical to PHI protection, but implementing the required measures is another challenge. To successfully meet all standards set by the HIPAA Security Rule, one must invest in an effective compliance program and the proper security solutions alongside it, prioritizing the HIPAA CIA of confidentiality, integrity, and availability.

Healthy IT specializes in providing New York healthcare and dental practices with the data security solutions (and other general IT services) their businesses need. Get in touch today to see how our experts can further your PHI safety, from disaster recovery and backup solutions to comprehensive managed IT services.