164.312(a)(2)(iii): Automatic Logoff
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
164.312(a)(2)(i): Unique User Identification
Assign a unique name and/or number for identifying and tracking user identity.
164.310(b): Workstation Use
Implement policies and procedures to specify the proper functions to be performed, the manner in which they are performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
164.310(a)(2)(iv): Maintenance Records
Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security.
164.310(a)(2)(iii): Access Control and Validation Procedures
Implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control and control of access to software programs for testing and revision.
164.310(a)(1): Facility Access Controls
Implement policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
164.308(a)(5)(ii)(D): Password Management
Procedures for creating, changing, and safeguarding passwords.
164.308(a)(5)(ii)(C): Log-in Monitoring
Procedures for monitoring log-in attempts and reporting discrepancies.
—164.308(a)(4)(ii)(C): Access Establishment and Modification
Implement policies and procedures that establish, document, review, and modify access to ePHI.
—164.308(a)(4)(ii)(B): Access Authorization
Implement policies and procedures for granting access to ePHI.
—164.308(a)(4)(ii)(A): Isolating Health Care Clearinghouse Functions
Implement policies and procedures to protect ePHI when clearinghouse functions are performed.
Information Access Management
Implement policies and procedures for authorizing access to ePHI.