HIPAA requires implementation of technical policies and procedures for electronic information systems that maintain electronic protected health information (ePHI) to allow access only to those persons or software programs that have been granted access rights [§164.312(a)] as specified in the administrative safeguards under access authorization, establishment, and modification [§164.308(a)(4)].
