Though the HIPAA security rule does not mandate that you implement security measures to determine whether the integrity of your electronic PHI has been compromised, it does make integrity controls an addressable standard. That means you must evaluate whether your organization's risk of integrity loss outweighs the expense of implementing controls. No matter the outcome, remember to document both your evaluation procedures and results.
If you decide your organization cannot risk integrity loss, use the following example to guide you in developing a strong, clear policy on establishing integrity controls.