HIPAA Controls
21 controls across 1 framework.
HIPAA
Implement a security management process to prevent, detect, contain, and correct security violations
Administrative Safeguards / Security Management Process
Designate a security official responsible for developing and implementing security policies and procedures
Administrative Safeguards / Assigned Security Responsibility
Implement procedures to ensure workforce members have appropriate access to ePHI and prevent unauthorized access
Administrative Safeguards / Workforce Security
Implement policies and procedures for authorizing access to ePHI
Administrative Safeguards / Information Access Management
Implement a security awareness and training program for all workforce members
Administrative Safeguards / Security Awareness and Training
Implement policies and procedures to address security incidents involving ePHI
Administrative Safeguards / Security Incident Procedures
Establish and implement contingency plans to respond to emergencies that damage systems containing ePHI
Administrative Safeguards / Contingency Plan
Perform periodic technical and non-technical evaluations of security controls in response to environmental or operational changes
Administrative Safeguards / Evaluation
Obtain satisfactory assurances from business associates that they will appropriately safeguard ePHI
Administrative Safeguards / Business Associate Contracts
Ensure contracts or other arrangements with business associates meet HIPAA requirements and provide satisfactory assurances of ePHI protection
Organizational Requirements / Business Associate Contract Requirements
Implement reasonable and appropriate policies and procedures to comply with the HIPAA Security Rule
Policies & Procedures / Policy Implementation
Maintain written security policies, procedures, and records for six years from creation or last effective date
Policies & Procedures / Documentation
Implement policies and procedures to limit physical access to electronic information systems and the facilities where they are housed
Physical Safeguards / Facility Access Controls
Specify the proper functions to be performed by workstations that access ePHI and the manner in which those functions are to be performed
Physical Safeguards / Workstation Use
Implement physical safeguards for all workstations that access ePHI to restrict access to authorized users
Physical Safeguards / Workstation Security
Implement policies and procedures governing the receipt, removal, and disposal of hardware and electronic media containing ePHI
Physical Safeguards / Device and Media Controls
Implement technical policies and procedures to allow access to ePHI only to authorized persons or software programs
Technical Safeguards / Access Control
Implement hardware, software, and procedural mechanisms that record and examine activity in systems containing ePHI
Technical Safeguards / Audit Controls
Implement policies and procedures to protect ePHI from improper alteration or destruction
Technical Safeguards / Integrity
Implement procedures to verify that a person or entity seeking access to ePHI is who they claim to be
Technical Safeguards / Person or Entity Authentication
Implement technical security measures to guard against unauthorized access to ePHI transmitted over electronic communications networks
Technical Safeguards / Transmission Security