HIPAA (Health Insurance Portability and Accountability Act) - Security Management Process
164.308(a)(1) - Implement policies and procedures to prevent, detect, contain and correct security violations.
HIPAA (Health Insurance Portability and Accountability Act) - Assigned Security Responsibility
164.308(a)(2) - Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart [the Security Rule] for the entity.
HIPAA (Health Insurance Portability and Accountability Act) - Workforce Security
164.308(a)(3) - Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under [the Information Access Management standard], and to prevent those workforce members who do not have access under [the Information Access Management standard] from obtaining access to electronic protected health information.
HIPAA (Health Insurance Portability and Accountability Act) - Information Access Management
164.308(a)(4) - Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy Rule].
HIPAA (Health Insurance Portability and Accountability Act) - Security Awareness and Training
164.308(a)(5) - Implement a security awareness and training program for all members of its workforce (including management).
HIPAA (Health Insurance Portability and Accountability Act) - Security Incident Procedures
164.308(a)(6) - Implement policies and procedures to address security incidents.
HIPAA (Health Insurance Portability and Accountability Act) - Contingency Plan
164.308(a)(7) - Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.”
HIPAA (Health Insurance Portability and Accountability Act) - Evaluation
164.308(a)(8) - Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operations changes affecting the security of electronic protected health information, that establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart [the Security Rule].
HIPAA (Health Insurance Portability and Accountability Act) - Business Associate Contracts And Other Arrangements
164.308(b)(1) - A covered entity, in accordance with 164.306 [the Security Standards: General Rules], may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity’s behalf only if the covered entity obtains satisfactory assurances, in accordance with 164.314(a) [the Organizational Requirements] that the business associate will appropriately safeguard the information (Emphasis added).