HIPAA

164.312(a)(1)

Access Control

Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).

164.312(a)(2)(iv)

Access Control — Encryption and Decryption

Implement a mechanism to encrypt and decrypt electronic protected health information.

164.312(b)

Audit Controls

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

164.312(d)

Person or Entity Authentication

Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

164.312(e)(2)(i)

Transmission Security — Integrity Controls

Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.

164.312(e)(2)(ii)

Transmission Security – Encryption

Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

164.308(a)(5)(ii)(C)

Security Awareness and Training - Log-in Monitoring

Procedures for
monitoring log-in attempts and
reporting discrepancies.

164.308(a)(5)(ii)(D)

Security Awareness and Training - Password Management

Procedures for
creating, changing, and
safeguarding passwords.

164.308(a)(7)(ii)(A)

Contingency Plan - Data Backup Plan

Establish and
implement procedures to create
and maintain retrievable exact
copies of electronic protected
health information