OR-1.1 | OR-1.1 Business Associate Contracts | HIPAA Compliance |
OR-1.2 | HIPAA OR-1.2: Business Associate Contracts & ePHI Controls |
OR-2.1 | OR-2.1: Group Health Plan ePHI Safeguards | HIPAA |
PP-1.1 | HIPAA PP-1.1: Facility Access Controls for Contingency Operations |
PP-1.2 | HIPAA PP-1.2: Facility Access Controls & Security Plans |
PP-1.3 | HIPAA PP-1.3: Facility Access Control Procedures |
PP-1.4 | HIPAA PP-1.4: Facility Access Controls & Maintenance Records |
PP-2.1 | HIPAA PP-2.1 Workstation Use Policy | GRCWatch |
PP-3.1 | HIPAA PP-3.1 Workstation Security | Physical Safeguards |
PP-4.1 | HIPAA PP-4.1: Device & Media Disposal Controls |
PP-4.2 | HIPAA PP-4.2: Device & Media Controls for Media Re-Use |
PP-4.3 | HIPAA PP-4.3: Device & Media Controls Accountability |
PP-4.4 | HIPAA PP-4.4: Device & Media Controls for ePHI Backup |
PR-1.1 | HIPAA PR-1.1: Policies & Procedures Compliance |
PR-2.1 | HIPAA PR-2.1: Documentation Retention Requirements |
PR-2.2 | HIPAA PR-2.2: Documentation Availability Compliance |
PR-2.3 | HIPAA PR-2.3: Documentation Updates & Review |
SA-1.1 | HIPAA SA-1.1: Security Management Process & Risk Analysis |
SA-1.2 | HIPAA SA-1.2: Security Management & Risk Reduction |
SA-1.3 | SA-1.3 Sanction Policy | HIPAA Security Rule |
SA-1.4 | SA-1.4 Information System Activity Review | HIPAA |
SA-2.1 | HIPAA SA-2.1: Assign Security Official for Compliance |
SA-3.1 | SA-3.1 Workforce Security: HIPAA Authorization & Supervision |
SA-3.2 | SA-3.2 Workforce Clearance Procedure | HIPAA Security |
SA-3.3 | HIPAA SA-3.3: Workforce Termination Procedures |
SA-4.1 | HIPAA SA-4.1: Healthcare Clearinghouse ePHI Isolation |
SA-4.2 | HIPAA SA-4.2: ePHI Access Authorization Control |
SA-4.3 | SA-4.3 Access Establishment & Modification | HIPAA |
SA-5.1 | HIPAA SA-5.1: Security Awareness Training & Reminders |
SA-5.2 | SA-5.2 Malicious Software Protection | HIPAA Security Rule |
SA-5.3 | HIPAA SA-5.3: Log-In Monitoring & Security Awareness |
SA-5.4 | HIPAA SA-5.4: Password Management Controls |
SA-6.1 | HIPAA SA-6.1: Security Incident Response & Reporting |
SA-7.1 | HIPAA SA-7.1: Data Backup Plan for ePHI Protection |
SA-7.2 | HIPAA SA-7.2: Disaster Recovery Plan & Data Restoration |
SA-7.3 | HIPAA SA-7.3: Emergency Mode Operation Plan for ePHI |
SA-7.4 | SA-7.4 Contingency Plan Testing | HIPAA Security Rule |
SA-7.5 | SA-7.5 Contingency Plan: Applications & Data Criticality Analysis |
SA-8.1 | HIPAA SA-8.1: Security Evaluation & Assessment |
SA-9.1 | SA-9.1: Business Associate Contracts | HIPAA Security Rule |
TS-1.1 | HIPAA TS-1.1: Unique User Identification & Access Control |
TS-1.2 | HIPAA TS-1.2: Emergency Access Procedures for ePHI |
TS-1.3 | HIPAA TS-1.3 Automatic Logoff Control | GRCWatch |
TS-1.4 | HIPAA TS-1.4: ePHI Encryption & Decryption Control |
TS-2.1 | HIPAA TS-2.1 Audit Controls: Record & Examine ePHI Activity |
TS-3.1 | TS-3.1 ePHI Integrity Authentication | HIPAA Security Rule |
TS-4.1 | HIPAA TS-4.1: Person or Entity Authentication |
TS-5.1 | HIPAA TS-5.1: Transmission Security & Integrity Controls |
TS-5.2 | HIPAA TS-5.2: Encryption in Transit for ePHI |