# Term:Addressable

## NIST SP 800-66r1

Addressable - Describing 21 of the HIPAA Security Rule's 42 implementation specifications. To meet the addressable implementation specifications, a covered entity must (i) assess whether each [[Term:implementation specification | implementation specification]] is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the entity's [[Term:electronic protected health information | electronic protected health information]]; and (ii) as applicable to the entity - (A) Implement the [[Term:implementation specification | implementation specification]] if reasonable and appropriate; or (B) if implementing the [[Term:implementation specification | implementation specification]] is not reasonable and appropriate-(1) document why it would not be reasonable and appropriate to implement the [[Term:implementation specification | implementation specification]]; and (2) implement an equivalent alternative measure if reasonable and appropriate. [45 C.F.R. Sec. 164.306(d)(3)]

## NIST SP 800-66

Addressable - Describing 21 of the HIPAA Security Rule's 42 implementation specifications. To meet the addressable implementation specifications, a covered entity must- (i) Assess whether each [[Term:implementation specification | implementation specification]] is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the entity's [[Term:electronic protected health information | electronic protected health information]]; and (ii) As applicable to the entity - (A) Implement the [[Term:implementation specification | implementation specification]] if reasonable and appropriate; or (B) If implementing the [[Term:implementation specification | implementation specification]] is not reasonable and appropriate-(1) Document why it would not be reasonable and appropriate to implement the [[Term:implementation specification | implementation specification]]; and (2) Implement an equivalent alternative measure if reasonable and appropriate. [45 C.F.R. Sec. 164.306(d)(3)]