Professional Documents
Culture Documents
Contingency Plan
Evaluation
Business Associate Contracts and Other Arrangement
Workstation Use
Workstation Security
Access Control
Audit Controls
Integrity
Person or Entity Authentication
Transmission Security
TOTAL
164.310(c)
164.310(d)(1)
Disposal (R)
Media Re-use (R)
Accountability (A)
Data Backup and Storage (A)
164.312(a)(1)
Unique User Identification (R)
Emergency Access Procedure (R)
Automatic Logoff (A)
Encryption and Decryption (A)
164.312(b)
164.312(c)(1)
Mechanism to Authenticate Electronic Protected Health
Information (A)
164.312(d)
164.312(e)(1)
Integrity Controls (A)
Encryption (A)
Limiting uses or disclosures of PHI to only those (i)
provided for within their business associate agreement
or (ii) permitted or
required under HIPAA
Limiting permissible disclosures or requests for
disclosures of PHI to the minimum necessary
Providing an accounting of disclosures;
Providing access to PHI kept in a designated record set
for covered entities or individuals
Providing PHI to the U.S. Department of Health and
Human Services (HHS) to demonstrate compliance
during investigations
Entering into business associate agreements with
subcontractors that comply with the provisions
governing business associate agreements
between covered entities and business associates
Maintaining compliance records and submitting reports
to HHS when HHS requires such disclosures to
determine whether a covered entity
Controls
N/A
70
REMARKS/IMPLEMENTATION
361.35