In order to comply with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), you need to maintain an ongoing security program. The HIPAA Security Rule mandates security standards to safeguard electronic protected health information (ePHI) maintained by electronic health record (EHR) technology, with detailed attention to how ePHI is stored, accessed, transmitted, and audited. This rule is different from the HIPAA Privacy Rule, which requires safeguards to protect the privacy of protected health information (PHI) and sets limits and conditions on the use and disclosure of PHI.