164.312(e)(2)(ii): Encryption
Implement a mechanism to encrypt ePHI whenever deemed appropriate.
164.312(e)(2)(i): Integrity Controls
Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
164.312(e)(1): Transmission Security
Implement technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network.
164.312(d): Person or Entity Authentication
Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
164.312(c)(2): Mechanism to Authenticate ePHI
Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
164.312(c)(1): Integrity
Implement policies and procedures to protect ePHI from improper alteration or destruction.
164.312(b): Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
164.312(a)(2)(iv): Encryption and Decryption
Implement a mechanism to encrypt and decrypt ePHI.
164.312(a)(2)(iii): Automatic Logoff
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
164.312(a)(2)(i): Unique User Identification
Assign a unique name and/or number for identifying and tracking user identity.
164.312(a)(1): Access Control
Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights.
164.310(d)(2)(iv): Data Backup and Storage
Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.
164.310(d)(2)(iii): Accountability
Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
164.310(d)(2)(ii): Media Re-use
Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
164.310(d)(2)(i): Disposal
Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
164.310(d)(1): Device and Media Controls
Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility.
164.310(c): Workstation Security
Implement physical safeguards for all workstations that access ePHI to restrict access to authorized users.
164.310(b): Workstation Use
Implement policies and procedures to specify the proper functions to be performed, the manner in which they are performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
164.310(a)(2)(iv): Maintenance Records
Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security.
164.310(a)(2)(iii): Access Control and Validation Procedures
Implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control and control of access to software programs for testing and revision.