Skip to content

Latest commit

 

History

History
59 lines (49 loc) · 2.8 KB

24-hipaa_mapping_to_healthnote_controls.md

File metadata and controls

59 lines (49 loc) · 2.8 KB
layout
default

24. HIPAA Mappings to Health Note Controls

Below is a list of HIPAA Safeguards and Requirements and the Health Note controls in place to meet those.

Administrative Controls HIPAA Rule Health Note Control
Security Management Process - 164.308(a)(1)(i) Risk Management Policy
Assigned Security Responsibility - 164.308(a)(2) Roles Policy
Workforce Security - 164.308(a)(3)(i) Employee Policies
Information Access Management - 164.308(a)(4)(i) System Access Policy
Security Awareness and Training - 164.308(a)(5)(i) Employee Policy
Security Incident Procedures - 164.308(a)(6)(i) IDS Policy
Contingency Plan - 164.308(a)(7)(i) Disaster Recovery Policy
Evaluation - 164.308(a)(8) Auditing Policy
Physical Safeguards HIPAA Rule Health Note Control
Facility Access Controls - 164.310(a)(1) Facility and Disaster Recovery Policies
Workstation Use - 164.310(b) System Access, Approved Tools, and Employee Policies
Workstation Security - 164.310('c') System Access, Approved Tools, and Employee Policies
Device and Media Controls - 164.310(d)(1) Disposable Media and Data Management Policies
Technical Safeguards HIPAA Rule Health Note Control
Access Control - 164.312(a)(1) System Access Policy
Audit Controls - 164.312(b) Auditing Policy
Integrity - 164.312('c')(1) System Access, Auditing, and IDS Policies
Person or Entity Authentication - 164.312(d) System Access Policy
Transmission Security - 164.312(e)(1) System Access and Data Management Policy
Organizational Requirements HIPAA Rule Health Note Control
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) Business Associate Agreements and 3rd Parties Policies
Policies and Procedures and Documentation Requirements HIPAA Rule Health Note Control
Policies and Procedures - 164.316(a) Policy Management Policy
Documentation - 164.316(b)(1)(i) Policy Management Policy
HITECH Act - Security Provisions HIPAA Rule Health Note Control
Notification in the Case of Breach - 13402(a) and (b) Breach Policy
Timelines of Notification - 13402(d)(1) Breach Policy
Content of Notification - 13402(f)(1) Breach Policy

Revisions

Revision Date Revision Description Notes
4/18/2019 Initial Initial
4/14/2020 Reviewed No changes
3/29/2021 Reviewed No changes
2/24/2022 Reviewed No changes
4/10/2023 Reviewed No changes
5/02/2024 Reviewed No changes