Physical vs Logical vs Network Access Controls
- HIPAA technical safeguards for PHI include physical, logical, and network safeguards, meaning that the technology requirements apply not only to what you can see (physical patient records, for example) but also to what you cannot see: PHI that is stored and transmitted through cloud-based applications.
What is the difference between physical, logical and network access controls?
- Physical access controls refer to the restriction of access to a location, often accomplished with a number of security methods that control and monitor who is entering a location and who is leaving.
- Logical access controls refer to restricting virtual access to data. They combine identification, authentication, and authorization processes to protect hardware and software from unauthorized access.
- Network access controls prevent unauthorized users and devices from accessing a private network.
- All three include safeguards that limit who has access to PHI as well as to the environment hosting the software. Physical access controls under HIPAA include restricted access to data center facilities, 24x7 guards, and a requirement for valid government photo IDs to enter data centers. Logical access controls include complete separation between each customer environment, separate and defined server roles, and HIPAA firewalls between public and private zones.