In summary, HIPAA 164.308: Administrative Safeguards (Part 164, Subpart C) requires the following:
- Implement policies and procedures to prevent, detect, contain, and correct security violations.
- Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity.
- Implement policies and procedures to ensure that only appropriate members of the workforce have access to ePHI.
- Implement policies and procedures for authorized access to ePHI that are consistent with the applicable requirements of the Privacy Rule (PR).
- Implement a security awareness and training program for all members of its workforce (including management).
- Security incident procedures.
- Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that could damage systems that contain ePHI.
- Perform a periodic technical and non-technical evaluation to ensure that standards continue to be met in response to operational and environmental changes.
- Business associate contracts and other arrangements.