HIPAA

This page provides an overview of the HIPAA compliance policy and the current HIPAA requirements & controls monitored in SECBERUS.

Overview

The Health Insurance Portability and Accountability Act (HIPAA) was developed to protect the privacy and security of electronic protected health information (e-PHI). The full text of this US Public Law 104-191 is available here.

Supported HIPAA Controls

HIPAA Citation | Name | Regulation Text
--- | --- | ---
164.312(a)(1) | Access Control | Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).
164.312(a)(2)(iv) | Access Control - Encryption and Decryption | Implement a mechanism to encrypt and decrypt electronic protected health information.
164.312(b) | Audit Controls | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
164.312(d) | Person or Entity Authentication | Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
164.312(e)(2)(i) | Transmission Security - Integrity Controls | Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
164.312(e)(2)(ii) | Transmission Security - Encryption | Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
164.308(a)(5)(ii)(C) | Security Awareness and Training - Log-in Monitoring | Procedures for monitoring log-in attempts and reporting discrepancies.
164.308(a)(5)(ii)(D) | Security Awareness and Training - Password Management | Procedures for creating, changing, and safeguarding passwords.
164.308(a)(7)(ii)(A) | Contingency Plan - Data Backup Plan | Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

If there is a specific requirement not included here that you would like to monitor, please email [email protected].