HIPAA Security Implementation, Version 1.0

3.2 ADMINISTRATIVE SAFEGUARDS GRID

Table 1: Administrative Safeguards

Standards

CFR Sections

Implementation Specifications

(R)=Required, (A)=Addressable

 

Security Management Process

164.308(a)(1)

Risk Analysis

(R)

   

Risk Management

(R)

   

Sanction Policy

(R)

   

Information Systems Activity Review

(R)

Assigned Security Responsibility

164.308(a)(2)

 

(R)

Workforce Security

164.308(a)(3)

Authorization and/or Supervision

(A)

   

Workforce Clearance Procedure

(A)

   

Termination Procedures

(A)

Information Access Management

164.308(a)(4)

Isolating Health care Clearinghouse Function

(R)

   

Access Authorization

(A)

   

Access Establishment and Modification

(A)

Security Awareness and Training

164.308(a)(5)

Security Reminders

(A)

   

Protection from Malicious Software

(A)

   

Log-in Monitoring

(A)

   

Password Management

(A)

Security Incident Procedures

164.308(a)(6)

Response and Reporting

(R)

Contingency Plan

164.308(a)(7)

Data Backup Plan

(R)

   

Disaster Recovery Plan

(R)

   

Emergency Mode Operation Plan

(R)

   

Testing and Revision Procedure

(A)

   

Applications and Data Criticality Analysis

(A)

Evaluation

164.308(a)(8)

 

(R)

Business Associate Contracts and Other Arrangement

164.308(b)(1)

Written Contract or Other Arrangement

(R)

Related

Категории