HIPAA

This page provides an overview of the HIPAA compliance policy and the current HIPAA requirements & controls monitored in SECBERUS.

Overview

The Health Insurance Portability and Accountability Act (HIPAA) was developed to protect the privacy and security of electronic protected health information (e-PHI). The full text of this US Public Law 104-191 is available here.

Supported HIPAA Controls

| HIPAA Citation | Name | Regulation Text |
| --- | --- | --- |
| 164.312(a)(1) | Access Control | Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4). |
| 164.312(a)(2)(iv) | Access Control - Encryption and Decryption | Implement a mechanism to encrypt and decrypt electronic protected health information. |
| 164.312(b) | Audit Controls | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
| 164.312(d) | Person or Entity Authentication | Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. |
| 164.312(e)(2)(i) | Transmission Security - Integrity Controls | Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. |
| 164.312(e)(2)(ii) | Transmission Security - Encryption | Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. |
| 164.308(a)(5)(ii)(C) | Security Awareness and Training - Log-in Monitoring | Procedures for monitoring log-in attempts and reporting discrepancies. |
| 164.308(a)(5)(ii)(D) | Security Awareness and Training - Password Management | Procedures for creating, changing, and safeguarding passwords. |
| 164.308(a)(7)(ii)(A) | Contingency Plan - Data Backup Plan | Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. |

Note: If there is a specific requirement not included here that you would like to monitor, please email [email protected].