
Risk Analysis (R)

Updates (R)

Risk Management (R)

Availability (R)
Documentation
Security Management Process


(§ 164.308(a)(1)(i))
Sanctions Policy (R)

Time Limits (R)

Information System Activity Review (R)


Organizational Requirements
Group Health Plans (R) (§ 164.314)

Assigned Security Responsibility


(§ 164.308(a)(2)) (R)
Policies and Procedures (R)

Authorization and/or Supervision (A)


Business Associate Contracts
Or Other Arrangements (R)
Workforce Security
Workforce Clearance Procedure (A)
(§ 164.308(a)(3)(i))
Encryption (A)

Transmission Security
Termination Procedures (A)


164.312(e)(1)
Integrity Controls (A)

Isolating Health Care


Clearinghouse Function (R)

Person or Entity Authentication 164.312(d) (R)


Information Access Management
Access Authorization (A)
(§ 164.308(a)(4))
Mechanism to Authenticate Integrity
Electronic PHI (A)
164.312(c)(1)
Technical Safeguards
Access Establishment and Modification (A)
(§ 164.312)

Audit Controls
Security Reminders (A)


164.312(b) (R)
Administrative Safeguards
(§ 164.308)
Protection from Malicious Software (A)
Encryption and Decryption (A)
Required vs Addressable
Security Awareness and Training
(§ 164.308(a)(5)(i))
Log-in Monitoring (A)
Emergency Access Procedure (R)

Access Control
164.312(a)(1)
Password Management (A)
Automatic Logoff (A)

Security Incident Procedures
Response and Reporting (R)


Unique User Identification (R)
(§ 164.308(a)(6))

Data Backup and Storage (A)


Data Backup Plan (R)

Accountability (A)
Disaster Recovery Plan (R)
Device and Media Controls
164.310(d)(1)
Media Re-use (R)
Contingency Plan
Emergency Mode Operation Plan (R)
(§ 164.308(a)(7)(i))

Disposal (R)
Testing and Revision Procedure (A)

Workstation Security 164.310(c) (R)
Physical Safeguards
Applications and Data Criticality Analysis (A)

(§ 164.310)

Workstation Use 164.310(b) (R)
Evaluation


(§ 164.308(a)(8)) (R)

Maintenance Records (A)

Business Associate Contracts or Other Arrangements
Written Contract or Other Arrangement (R)
(§ 164.308(b)(1))
Facility Security Plan (A)

Facility Access Controls


164.310(a)(1)
Access Control and
Validation Procedures (A)

Contingency Operations (A)
