© 2019 by SMS. Proudly created by SMS Integration.net


HIPAA Security Checklist

HIPAA Security Rule Reference / Safeguard: (R) = Required, (A) = Addressable

Administrative Safeguards

164.308(a)(1)(i) / Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations.

164.308(a)(1)(ii)(A) / Has a Risk Analysis been completed in accordance with NIST Guidelines? (R)

164.308(a)(1)(ii)(B) / Has the Risk Management process been completed in accordance with NIST Guidelines? (R)

164.308(a)(1)(ii)(C) / Do you have formal sanctions against employees who fail to comply with security policies and procedures? (R)

164.308(a)(1)(ii)(D) / Have you implemented procedures to regularly review records of information system activity such as audit logs, access reports, and security incident tracking? (R)

164.308(a)(2) / Assigned Security Responsibility: Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity.

164.308(a)(3)(i) / Workforce Security: Implement policies and procedures to ensure that all members of its workforce have appropriate access to EPHI, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information (EPHI).

164.308(a)(3)(ii)(A) / Have you implemented procedures for the authorization and/or supervision of employees who work with EPHI or in locations where it might be accessed? (A)

164.308(a)(3)(ii)(B) / Have you implemented procedures to determine that the access of an employee to EPHI is appropriate? (A)

164.308(a)(3)(ii)(C) / Have you implemented procedures for terminating access to EPHI when an employee leaves your organization or as required by paragraph (a)(3)(ii)(B) of this section? (A)

164.308(a)(4)(i) / Information Access Management: Implement policies and procedures for authorizing access to EPHI that are consistent with the applicable requirements of subpart E of this part.

164.308(a)(4)(ii)(A) / If you are a clearinghouse that is part of a larger organization, have you implemented policies and procedures to protect EPHI from the larger organization? (A)

164.308(a)(4)(ii)(B) / Have you implemented policies and procedures for granting access to EPHI, for example, through access to a workstation, transaction, program, or process? (A)

164.308(a)(4)(ii)(C) / Have you implemented policies and procedures that, based upon your access authorization policies, establish, document, review, and modify a user’s right of access to a workstation, transaction, program, or process? (A)

164.308(a)(5)(i) / Security Awareness and Training: Implement a security awareness and training program for all members of its workforce (including management).