164.312(c)(1) - Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Integrity is defined in the Security Rule, at § 164.304, as “the property that data or information have not been altered or destroyed in an unauthorized manner.” Protecting the integrity of EPHI is a primary goal of the Security Rule. EPHI that is improperly altered or destroyed can result in clinical quality problems for a covered entity, including patient safety issues. The integrity of data can be compromised by both technical and non-technical sources. Workforce members or business associates may make accidental or intentional changes that improperly alter or destroy EPHI. Data can also be altered or destroyed without human intervention, such as by electronic media errors or failures. The purpose of this standard is to establish and implement policies and procedures for protecting EPHI from being compromised regardless of the source.