By Robert McDermott, President/CEO; iCoreConnect

This is the fourth article of a five-part series that looks at the area of HIPAA law known as “Technical Safeguards.” Technical safeguards are designed to protect electronic Protected Health Information (ePHI) from internal and external risks. Implementation of these safeguards is required by law, and helps you avoid costly fines. In this brief article, we address “Integrity,” Regulation §164.312(c)(1).

How is the “Integrity” safeguard defined?

A covered entity must implement policies and procedures to protect electronic protected health information from improper alteration or destruction.² This safeguard applies from the time of data creation through storage—a minimum requirement of 6 years³ Regulation §164.316(b)(1).

What factors can compromise ePHI?


  • Staff or business associates can change or enter false data.
  • Systems can be hacked.


  • Software or programming bugs
  • Computer viruses
  • Hard drive or storage failure

What can I do to maintain Integrity?

  • Implement a system that automatically checks for data integrity.
  • Ensure that changes only happen when required, verified, documented and approved.
  • Use off-site, HIPAA-compliant servers, across multiple locations for all data storage and backup.

Why is the integrity of data important?

The integrity of data affects patient care decisions. Accidental or intentional changes to patient information can cause harm or even death to the patient. Changes may also indicate tampering to HIPAA investigators. Finally, compromised records can also result in business loss and adverse financial effects.

All ePHI must meet the standards set by the National Institute of Standards and Technology, regardless of whether the information is in transit or at rest. For more information about “Authentication,” call iCoreConnect at 888-810-770, or visit iCoreConnect’s HIPAA-compliant email exchange (iCoreExchange) and practice management software (iCoreDental) are endorsed by TDA Perks Program.