HIPAA
This page provides an overview of the HIPAA compliance policy and the current HIPAA requirements & controls monitored in SECBERUS.
Overview
The Health Insurance Portability and Accountability Act (HIPAA) was developed to protect the privacy and security of electronic protected health information (e-PHI). The full text of this US Public Law 104-191 is available here..
Supported HIPAA Controls
| HIPAA Citation | Name | Regulation Text |
|---|---|---|
| 164.312(a)(1) | Access Control | Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4). |
| 164.312(a)(2)(iv) | Access Control — Encryption and Decryption | Implement a mechanism to encrypt and decrypt electronic protected health information. |
| 164.312(b) | Audit Controls | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
| 164.312(d) | Person or Entity Authentication | Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. |
| 164.312(e)(2)(i) | Transmission Security — Integrity Controls | Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. |
| 164.312(e)(2)(ii) | Transmission Security – Encryption | Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. |
| 164.308(a)(5)(ii)(C) | Security Awareness and Training - Log-in Monitoring | Procedures for monitoring log-in attempts and reporting discrepancies. |
| 164.308(a)(5)(ii)(D) | Security Awareness and Training - Password Management | Procedures for creating, changing, and safeguarding passwords. |
| 164.308(a)(7)(ii)(A) | Contingency Plan - Data Backup Plan | Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information |
If there is a specific requirement not included here that you would like to monitor, please email [email protected].
Updated 6 months ago