HIPAA Mappings to FlowTrack Policies and Controls

2020.1

Below is a list of HIPAA Safeguards and Requirements and the FlowTrack policies and controls in place to meet those.

HIPAA Administrative Controls FlowTrack Policies and Controls
Security Management Process - 164.308(a)(1)(i) Risk Management
Assigned Security Responsibility - 164.308(a)(2) Roles and Responsibilities
Workforce Security - 164.308(a)(3)(i) HR & Personnel Security
Information Access Management - 164.308(a)(4)(i) Access Policy; Data Management; and Data Protection
Security Awareness and Training - 164.308(a)(5)(i) Roles and Responsibilities Policy; and HR & Personnel Security
Security Incident Procedures - 164.308(a)(6)(i) Threat Detection and Prevention; and Incident Response
Contingency Plan - 164.308(a)(7)(i) Business Continuity and Disaster Recovery
Evaluation - 164.308(a)(8) Compliance Audits and System Audits
HIPAA Physical Safeguards FlowTrack Policies and Controls
Facility Access Controls - 164.310(a)(1) Facility and Physical Security
Workstation Use - 164.310(b) Access Policy and HR & Personnel Security
Workstation Security - 164.310('c') Access Policy and HR & Personnel Security
Device and Media Controls - 164.310(d)(1) Mobile Device Security and Disposable Media Management; Data Management; and Data Protection
HIPAA Technical Safeguards FlowTrack Policies and Controls
Access Control - 164.312(a)(1) Access Policy
Audit Controls - 164.312(b) Compliance Audits and System Audits
Integrity - 164.312('c')(1) Access Policy; Compliance Audits and System Audits; and Threat Detection and Prevention
Person or Entity Authentication - 164.312(d) Access Policy
Transmission Security - 164.312(e)(1) Access Policy; Data Management; and Data Protection
HIPAA Organizational Requirements FlowTrack Policies and Controls
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) Business Associate Agreements; Vendor Management
HIPAA Policies and Procedures and Documentation Requirements FlowTrack Policies and Controls
Policies and Procedures - 164.316(a) Policy Management
Documentation - 164.316(b)(1)(i) Policy Management
HITECH Act - Security Provisions FlowTrack Policies and Controls
Notification in the Case of Breach - 13402(a) and (b) Breach Notification
Timelines of Notification - 13402(d)(1) Breach Notification
Content of Notification - 13402(f)(1) Breach Notification