The overall concepts at play generally relate to the GDPR and HIPAA requirements and the overlap between them. The primary tenets are:
- Manage personal data with the appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction, or damage.
- Ensure the confidentiality, integrity, and availability of all electronic protected health information.
- Detect and safeguard against anticipated threats to the security of the information.
- Protect against anticipated impermissible uses or disclosures.
- Certify compliance by the workforce.
