Healthcare providers (who are covered entities under HIPAA) must comply with the HIPAA Security Rule. The HIPAA Security Rule sets standards for ensuring that only those who should have access to electronic protected health information actually have access. Providers must meet and/or address these standards, in the form of specific technical, administrative and physical safeguards to comply with the Rule.

The Security Rule covers protected health information that is held or transmitted in electronic form. The Rule provides detailed implementation specifications that set out instructions for implementing particular standards. Some standards under the Rule are “required,” and providers must implement policies and/or procedures that meet what the implementation specification requires. Other standards are “addressable,” and providers must assess whether it is a reasonable and appropriate safeguard in the provider’s environment.

Sage's products provide features and functions that will help our customers meet their obligations under the Security Rule. For example, the Security Rule requires access controls, including unique user identification, and the ability of Sage's systems to implement user IDs and passwords can be an important part of meeting this required standard.

Sage is providing you with the following guidance concerning general security practices and frequently asked questions about the features of our products relevant to security to assist you in conducting your required security assessment and in coming into compliance with the HIPAA Security Rule.

Industry Links

The Center for Medicare and Medicaid Services

HIPAA - General Information