HIPAA requires technical safeguards for systems handling PHI.
Access controls:
- Unique user identification
- Automatic logoff after inactivity
- Encryption mechanisms
Audit controls:
- Log all PHI access
- Review logs regularly
Transmission security:
- Encrypt PHI in transit over public networks
- TLS for web applications
HIPAA is not prescriptive. It does not specify which firewall or algorithm to use. You choose appropriate controls and document your decisions.
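An added example, not part of the original page: one way the access and audit controls listed above fit together in code, with every PHI read tied to a user ID, sessions dropped after inactivity, and each attempt (allowed or denied) written to an audit log that a review step can filter. The class and function names, the record IDs, and the 15-minute idle timeout are assumptions chosen for illustration; HIPAA does not set a timeout value.

```python
import json
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; pick and document your own


class PhiSessionGate:
    """Hypothetical gate in front of PHI reads: sessions keyed by user ID,
    automatic logoff after inactivity, one audit record per attempt."""

    def __init__(self, audit_sink, clock=time.time, idle_timeout=IDLE_TIMEOUT_SECONDS):
        self._audit = audit_sink      # append-only list-like sink (constructed for the example)
        self._clock = clock           # injectable so the timeout can be tested
        self._idle_timeout = idle_timeout
        self._last_activity = {}      # user_id -> time of last allowed activity

    def login(self, user_id):
        if not user_id:
            raise ValueError("a unique user ID is required")
        self._last_activity[user_id] = self._clock()
        return self._record(user_id, "login", None, "allowed")

    def read_phi(self, user_id, record_id):
        now = self._clock()
        last = self._last_activity.get(user_id)
        if last is None:
            return self._record(user_id, "read", record_id, "denied:no_session")
        if now - last > self._idle_timeout:
            del self._last_activity[user_id]  # automatic logoff
            return self._record(user_id, "read", record_id, "denied:idle_logoff")
        self._last_activity[user_id] = now
        return self._record(user_id, "read", record_id, "allowed")

    def _record(self, user_id, action, record_id, outcome):
        # Denied attempts are logged too, so the review sees them.
        entry = {"ts": self._clock(), "user": user_id, "action": action,
                 "record": record_id, "outcome": outcome}
        self._audit.append(json.dumps(entry, sort_keys=True))
        return outcome


def denied_attempts(audit_lines):
    """Log review step: return the audit entries whose outcome is a denial."""
    entries = (json.loads(line) for line in audit_lines)
    return [e for e in entries if e["outcome"].startswith("denied")]
```

In a real system the audit sink would be storage that the audited users cannot modify, and the review would run on a schedule you document.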