Subscribe via RSS

Topgallant Partners

HIPAA Security Requirements

Required and Addressable Security Requirements

The Mandatory Required Security Elements include

Ensure CIA of ePHI (Required)
Risk Analysis (Required)
Risk Management (Required)
Sanction Policy (Required)
Information System Activity Review (Required)
Assign a Security Official (Required)
Isolating Healthcare Clearinghouse Functions (Required)
Response and Reporting (Required)
Data Backup Plan (Required)
Written Contract or Other Arrangement (Required)
Emergency Mode Operation Plan (Required).
Disaster Recovery Plan (Required)
Reasonable Protection Against Threats. (Required)
Reasonable Protection Against Disclosure. (Required)
Ensure compliance by workforce (Required)
Flexibility of Approach (Required)
Standards (Required)
Implementation Specifications (Required)
Required or Addressable (Required)
Required Standards (Required)
Assess Applicability for Addressable (Required)
Implement if reasonable and appropriate (Required)
If not reasonable and appropriate: (Required)
Document why not and rationale (Required)
Implement an equivalent alternative (Required)
Maintenance – (Required)

Desired or Addressable Elements Include:

Testing and Revision Procedures (Addressable)
Applications and Data Criticality Analysis (Addressable)
Contingency Operations (Addressable)
Facility Security Plan (Addressable)
Access Control and Validation (Addressable)
Maintenance Records (Addressable)
Authorization and/or Supervision (Addressable)
Workforce Clearance Procedures (Addressable)
Termination Procedures (Addressable)
Access Authorization (Addressable)
Access Establishment and Modification (Addressable)
Security Reminders (Addressable)
Protection from Malicious Software (Addressable)
Log-In Monitoring (Addressable)
Password Management (Addressable)