In the healthcare world, there’s often a lot of confusion between security and privacy, two interrelated but distinct IT issues on the cybersecurity spectrum.

Briefly, security addresses safeguarding data and systems, whereas privacy addresses safeguarding identity and specific parts of data. Both are critically important when it comes to healthcare, but they must be understood individually and within the context of operational functionality if there’s to be any hope of effective policy or sound implementation.

It can be difficult to grasp the distinctions and even harder to delineate their roles in best practices and various compliance requirements. For example, while they may go together like peanut butter and jelly, the HIPAA Privacy Rule and the HIPAA Security Rule are two different spreads in the same regulatory sandwich.