The Security Rule requires Covered Entities and Business Associates to protect against uses and disclosures of EPHI that are not permitted or required by the Privacy Rule. To do that, they must implement Security Measures consisting of appropriate Administrative, Physical and Technical Safeguards to ensure the Confidentiality, Integrity, and Security of the EPHI they create, receive, maintain or transmit. Accordingly, Security Rule Safeguards protecting EPHI count as Administrative, Technical and Physical Safeguards required by the Privacy Rule to protect the Privacy of PHI. Covered Entities and Business Associates must protect against reasonably anticipated threats to the security or integrity of EPHI and ensure that their Workforce complies with the Security Rule.