Complete checklist of all Administrative, Physical, and Technical Safeguards required by the HIPAA Security Rule (45 CFR Part 164, Subpart C). Track your compliance status with official regulation references.
Conduct an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
Apply appropriate sanctions against workforce members who fail to comply with security policies and procedures.
Implement procedures to regularly review records of information system activity (logs, audit reports, incident tracking reports).
Identify the security official who is responsible for the development and implementation of security policies and procedures.
Implement procedures for authorization and/or supervision of workforce members who work with ePHI or in locations where it might be accessed.
Implement procedures to determine that the access of a workforce member to ePHI is appropriate.
Implement procedures for terminating access to ePHI when employment or other arrangement ends or when access is no longer required.
Implement policies and procedures for granting access to ePHI through workstations, transactions, programs, or processes.
Implement policies and procedures that establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.
Implement a security awareness and training program for all members of the workforce (including management).
Periodic security updates and reminders to workforce members.
Procedures for guarding against, detecting, and reporting malicious software.
Procedures for monitoring log-in attempts and reporting discrepancies.
Procedures for creating, changing, and safeguarding passwords.
Identify and respond to suspected or known security incidents; mitigate harmful effects; document incidents and outcomes.
Establish procedures to create and maintain retrievable exact copies of ePHI.
Establish procedures to restore any loss of data.
Establish procedures to enable continuation of critical business processes for protection of ePHI while operating in emergency mode.
Implement procedures for periodic testing and revision of contingency plans.
Assess the relative criticality of specific applications and data in support of other contingency plan components.
Perform periodic technical and nontechnical evaluation of security measures in response to environmental or operational changes.
Obtain satisfactory assurances in writing, through Business Associate Agreements, that business associates will appropriately safeguard ePHI.