The HIPAA Security Rules establish national standards for protecting electronic protected health information (ePHI) that is created, received, used, or maintained by covered entities and business associates. The Security Rules require appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The rules are divided into required and addressable implementation specifications, with three main safeguard categories: administrative safeguards (security management, assigned security responsibility, workforce training, etc.), physical safeguards (facility access controls, workstation security, etc.), and technical safeguards (access controls, audit controls, integrity controls, transmission security, etc.).