Learn

hipaa

Browse 49 published controls in this framework.

Control IDTitle
OR-1.1OR-1.1 Business Associate Contracts | HIPAA Compliance
OR-1.2HIPAA OR-1.2: Business Associate Contracts & ePHI Controls
OR-2.1OR-2.1: Group Health Plan ePHI Safeguards | HIPAA
PP-1.1HIPAA PP-1.1: Facility Access Controls for Contingency Operations
PP-1.2HIPAA PP-1.2: Facility Access Controls & Security Plans
PP-1.3HIPAA PP-1.3: Facility Access Control Procedures
PP-1.4HIPAA PP-1.4: Facility Access Controls & Maintenance Records
PP-2.1HIPAA PP-2.1 Workstation Use Policy | GRCWatch
PP-3.1HIPAA PP-3.1 Workstation Security | Physical Safeguards
PP-4.1HIPAA PP-4.1: Device & Media Disposal Controls
PP-4.2HIPAA PP-4.2: Device & Media Controls for Media Re-Use
PP-4.3HIPAA PP-4.3: Device & Media Controls Accountability
PP-4.4HIPAA PP-4.4: Device & Media Controls for ePHI Backup
PR-1.1HIPAA PR-1.1: Policies & Procedures Compliance
PR-2.1HIPAA PR-2.1: Documentation Retention Requirements
PR-2.2HIPAA PR-2.2: Documentation Availability Compliance
PR-2.3HIPAA PR-2.3: Documentation Updates & Review
SA-1.1HIPAA SA-1.1: Security Management Process & Risk Analysis
SA-1.2HIPAA SA-1.2: Security Management & Risk Reduction
SA-1.3SA-1.3 Sanction Policy | HIPAA Security Rule
SA-1.4SA-1.4 Information System Activity Review | HIPAA
SA-2.1HIPAA SA-2.1: Assign Security Official for Compliance
SA-3.1SA-3.1 Workforce Security: HIPAA Authorization & Supervision
SA-3.2SA-3.2 Workforce Clearance Procedure | HIPAA Security
SA-3.3HIPAA SA-3.3: Workforce Termination Procedures
SA-4.1HIPAA SA-4.1: Healthcare Clearinghouse ePHI Isolation
SA-4.2HIPAA SA-4.2: ePHI Access Authorization Control
SA-4.3SA-4.3 Access Establishment & Modification | HIPAA
SA-5.1HIPAA SA-5.1: Security Awareness Training & Reminders
SA-5.2SA-5.2 Malicious Software Protection | HIPAA Security Rule
SA-5.3HIPAA SA-5.3: Log-In Monitoring & Security Awareness
SA-5.4HIPAA SA-5.4: Password Management Controls
SA-6.1HIPAA SA-6.1: Security Incident Response & Reporting
SA-7.1HIPAA SA-7.1: Data Backup Plan for ePHI Protection
SA-7.2HIPAA SA-7.2: Disaster Recovery Plan & Data Restoration
SA-7.3HIPAA SA-7.3: Emergency Mode Operation Plan for ePHI
SA-7.4SA-7.4 Contingency Plan Testing | HIPAA Security Rule
SA-7.5SA-7.5 Contingency Plan: Applications & Data Criticality Analysis
SA-8.1HIPAA SA-8.1: Security Evaluation & Assessment
SA-9.1SA-9.1: Business Associate Contracts | HIPAA Security Rule
TS-1.1HIPAA TS-1.1: Unique User Identification & Access Control
TS-1.2HIPAA TS-1.2: Emergency Access Procedures for ePHI
TS-1.3HIPAA TS-1.3 Automatic Logoff Control | GRCWatch
TS-1.4HIPAA TS-1.4: ePHI Encryption & Decryption Control
TS-2.1HIPAA TS-2.1 Audit Controls: Record & Examine ePHI Activity
TS-3.1TS-3.1 ePHI Integrity Authentication | HIPAA Security Rule
TS-4.1HIPAA TS-4.1: Person or Entity Authentication
TS-5.1HIPAA TS-5.1: Transmission Security & Integrity Controls
TS-5.2HIPAA TS-5.2: Encryption in Transit for ePHI