This entry is part 34 of 59 in the series Complete Guide to HIPAA Security Final Rule

(2) Implementation specifications:

(i) Integrity controls (Addressable).  Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.

Tell Me More:

The Integrity Controls implementation specification requires covered entities to address implementing security measures to make sure that electronically transmitted electronic protected health information (EPHI)  is not improperly modified without detection until disposed of properly.

In reality the risk of illicitly intercepting ePHI and changing it is generally low.  However, it can happen.

A complete set of HIPAA Security Policies and Procedures may be purchased here.

Questions to consider:

  • Does the organization use or need to use electronic signatures? The electronic signature is currently the best way to verify that the data has not been altered.
  • Does the organization have procedures to use an integrity authentication mechanism to ensure the integrity of ePHI when it is transmitted? (e.g., digital signatures)
  • Does your organization have procedures in place to ensure that ePHI entries by authenticated users are tracked appropriately through audit trails and the changes are periodically reviewed to ensure integrity against changes made to ePHI without authorization?


Series Navigation<< 164.310(a)(2)(iv) Standard: Facility access controls – Maintenance records164.312(a)(2)(iv) Standard: Access control – Encryption and decryption >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.