This document discusses protecting electronic protected health information (EPHI) as required by the HIPAA Security Rule. It outlines three principles for protecting EPHI: confidentiality, integrity, and availability. It also discusses administrative, technical, and physical safeguards, penalties for noncompliance, and required annual training. Users are responsible for choosing strong passwords, logging out of applications, taking responsibility for accessed information, and appropriate internet use. Specific email guidelines prohibit chain emails and require encryption of outbound EPHI. Users must comply with policies and report any security concerns.