| HIPAA Security Rule Reference | Safeguard (R) = Required, (A) = Addressable | Status
(Complete, N/A) |
| Administrative Safeguards | ||
| 164.308(a)(1)(i) | Security management process: Implement policies and procedures to prevent, detect, contain, and correct security violations. | |
| 164.308(a)(1)(ii)(A)
|
Has a risk analysis been completed using IAW NIST Guidelines? (R) | |
| 164.308(a)(1)(ii)(B)
|
Has the risk management process been completed using IAW NIST Guidelines? (R) | |
| 164.308(a)(1)(ii)(C)
|
Do you have formal sanctions against employees who fail to comply with security policies and procedures? (R) | |
| 164.308(a)(1)(ii)(D)
|
Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking? (R) | |
| 164.308(a)(2)
|
Assigned security responsibility: Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity. | |
| 164.308(a)(3)(i)
|
Workforce security: Implement policies and procedures to ensure that all members of workforce have appropriate access to EPHI, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information (EPHI). | |