HIPAA Security Rules Addressed in Guided Assessment

Administrative Safeguards

(R) = Required, (A) = Addressable. Rows without a letter are standards; their implementation specifications follow them. "Addressable" does not mean optional: under 164.306(d) an addressable specification must be implemented if it is reasonable and appropriate for the entity, and if it is not, the entity must document why and implement an equivalent alternative measure where reasonable and appropriate.

HIPAA Security Rule Reference    Safeguard (Standard)                                                                                 Status: Complete / N/A

164.308(a)(1)(i)        Security management process: implement policies and procedures to prevent, detect, contain, and correct security violations.
164.308(a)(1)(ii)(A)    Risk analysis: accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of EPHI (R)
164.308(a)(1)(ii)(B)    Risk management: security measures sufficient to reduce identified risks and vulnerabilities to a reasonable and appropriate level (R)
164.308(a)(1)(ii)(C)    Sanction policy: formal sanctions against workforce members who fail to comply with security policies and procedures (R)
164.308(a)(1)(ii)(D)    Information system activity review: regularly review records of system activity, such as audit logs, access reports, and security incident tracking reports (R)
164.308(a)(2)           Assigned security responsibility: identify the security official responsible for developing and implementing the required policies and procedures (R)
164.308(a)(3)(i)        Workforce security: ensure that workforce members have appropriate access to EPHI and that those who should not have access are prevented from obtaining it.
164.308(a)(3)(ii)(A)    Authorization and/or supervision of workforce members who work with EPHI or in locations where it might be accessed (A)
164.308(a)(3)(ii)(B)    Workforce clearance procedure: determine that a workforce member's access to EPHI is appropriate (A)
164.308(a)(3)(ii)(C)    Termination procedures: terminate access to EPHI when employment ends or when access is no longer appropriate (A)
164.308(a)(4)(i)        Information access management: policies and procedures for authorizing access to EPHI, consistent with the Privacy Rule.
164.308(a)(4)(ii)(A)    Isolating health care clearinghouse functions: if a clearinghouse is part of a larger organization, policies and procedures that protect the clearinghouse's EPHI from unauthorized access by the larger organization (R)
164.308(a)(4)(ii)(B)    Access authorization: policies and procedures for granting access to EPHI, for example through access to a workstation, transaction, program, or process (A)
164.308(a)(4)(ii)(C)    Access establishment and modification: policies and procedures to establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process (A)
164.308(a)(5)(i)        Security awareness and training program for all workforce members, including management.
164.308(a)(5)(ii)(A)    Security reminders: periodic security updates (A)
164.308(a)(5)(ii)(B)    Protection from malicious software: procedures for guarding against, detecting, and reporting malicious software (A)
164.308(a)(5)(ii)(C)    Log-in monitoring: procedures for monitoring log-in attempts and reporting discrepancies (A)
164.308(a)(5)(ii)(D)    Password management: procedures for creating, changing, and safeguarding passwords (A)
164.308(a)(6)(i)        Security incident procedures: policies and procedures to address security incidents.
164.308(a)(6)(ii)       Response and reporting: identify and respond to suspected or known security incidents, mitigate their harmful effects to the extent practicable, and document incidents and their outcomes (R)
164.308(a)(7)(i)        Contingency plan: policies and procedures for responding to an emergency or other occurrence (for example fire, vandalism, system failure, or natural disaster) that damages systems containing EPHI.
164.308(a)(7)(ii)(A)    Data backup plan: procedures to create and maintain retrievable exact copies of EPHI (R)
164.308(a)(7)(ii)(B)    Disaster recovery plan: procedures to restore any loss of data (R)
164.308(a)(7)(ii)(C)    Emergency mode operation plan: procedures to enable continuation of critical business processes for protection of the security of EPHI while operating in emergency mode (R)
164.308(a)(7)(ii)(D)    Testing and revision procedures: periodic testing and revision of contingency plans (A)
164.308(a)(7)(ii)(E)    Applications and data criticality analysis: assess the relative criticality of specific applications and data in support of the other contingency plan components (A)
164.308(a)(8)           Evaluation: periodic technical and non-technical evaluation, based initially on the standards implemented under the rule and subsequently in response to environmental or operational changes affecting the security of EPHI, that establishes the extent to which the entity's security policies and procedures meet the requirements of the Security Rule (R)
164.308(b)(1)           Business associate contracts and other arrangements: a covered entity may permit a business associate to create, receive, maintain, or transmit EPHI on its behalf only with satisfactory assurances that the business associate will appropriately safeguard it.
164.308(b)(4)           Written contract or other arrangement: document the required satisfactory assurances through a written contract or other arrangement with each business associate (R). Since the 2013 Omnibus Final Rule this implementation specification is numbered 164.308(b)(3).

Physical Safeguards

(R) = Required, (A) = Addressable. Rows without a letter are standards; their implementation specifications follow them.

HIPAA Security Rule Reference    Safeguard (Standard)                                                                                 Status: Complete / N/A

164.310(a)(1)           Facility access controls: policies and procedures to limit physical access to electronic information systems and the facilities in which they are housed, while ensuring that properly authorized access is allowed.
164.310(a)(2)(i)        Contingency operations: procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan (A)
164.310(a)(2)(ii)       Facility security plan: policies and procedures to safeguard the facility and the equipment in it from unauthorized physical access, tampering, and theft (A)
164.310(a)(2)(iii)      Access control and validation procedures: control and validate a person's access to facilities based on his or her role or function, including visitor control and control of access to software programs for testing and revision (A)
164.310(a)(2)(iv)       Maintenance records: policies and procedures to document repairs and modifications to the physical components of a facility that relate to security, such as hardware, walls, doors, and locks (A)
164.310(b)              Workstation use: policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access EPHI (R)
164.310(c)              Workstation security: physical safeguards for all workstations that access EPHI, restricting access to authorized users (R)
164.310(d)(1)           Device and media controls: policies and procedures governing the receipt and removal of hardware and electronic media containing EPHI into and out of a facility, and their movement within the facility.
164.310(d)(2)(i)        Disposal: policies and procedures to address the final disposition of EPHI and of the hardware or electronic media on which it is stored (R)
164.310(d)(2)(ii)       Media re-use: procedures for removal of EPHI from electronic media before the media are made available for re-use (R)
164.310(d)(2)(iii)      Accountability: maintain a record of the movements of hardware and electronic media and of any person responsible for them (A)
164.310(d)(2)(iv)       Data backup and storage: create a retrievable, exact copy of EPHI, when needed, before movement of equipment (A)

Technical Safeguards

(R) = Required, (A) = Addressable. Rows without a letter are standards; their implementation specifications follow them. Encryption is addressable in both places it appears below, but it still matters for breach handling: EPHI encrypted in line with HHS guidance is not "unsecured" PHI under the Breach Notification Rule, so the loss or theft of a device holding only such data does not by itself trigger notification, whereas the same loss with unencrypted EPHI does.

HIPAA Security Rule Reference    Safeguard (Standard)                                                                                 Status: Complete / N/A

164.312(a)(1)           Access control: technical policies and procedures for electronic information systems that maintain EPHI, allowing access only to persons or software programs that have been granted access rights under 164.308(a)(4).
164.312(a)(2)(i)        Unique user identification: assign a unique name and/or number for identifying and tracking user identity (R)
164.312(a)(2)(ii)       Emergency access procedure: procedures for obtaining necessary EPHI during an emergency (R)
164.312(a)(2)(iii)      Automatic logoff: electronic procedures that terminate an electronic session after a predetermined time of inactivity (A)
164.312(a)(2)(iv)       Encryption and decryption: a mechanism to encrypt and decrypt EPHI (A)
164.312(b)              Audit controls: hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI (R)
164.312(c)(1)           Integrity: policies and procedures to protect EPHI from improper alteration or destruction.
164.312(c)(2)           Mechanism to authenticate EPHI: electronic mechanisms to corroborate that EPHI has not been altered or destroyed in an unauthorized manner (A)
164.312(d)              Person or entity authentication: procedures to verify that a person or entity seeking access to EPHI is the one claimed (R)
164.312(e)(1)           Transmission security: technical security measures to guard against unauthorized access to EPHI being transmitted over an electronic communications network.
164.312(e)(2)(i)        Integrity controls: security measures to ensure that electronically transmitted EPHI is not improperly modified without detection until disposed of (A)
164.312(e)(2)(ii)       Encryption: a mechanism to encrypt EPHI whenever deemed appropriate (A)

1275 West 1600 North | Orem, UT 84057 | www.securitymetrics.com
