HIPAA Mappings to Hellotracks Policies and Controls
2023.1
Below is a list of HIPAA Safeguards and Requirements and the Hellotracks policies and controls in place to meet those.
HIPAA Administrative Controls | Hellotracks Policies and Controls |
---|---|
Security Management Process - 164.308(a)(1)(i) | Risk Management |
Assigned Security Responsibility - 164.308(a)(2) | Roles and Responsibilities |
Workforce Security - 164.308(a)(3)(i) | HR & Personnel Security |
Information Access Management - 164.308(a)(4)(i) | Access Policy; Data Management; and Data Protection |
Security Awareness and Training - 164.308(a)(5)(i) | Roles and Responsibilities Policy; and HR & Personnel Security |
Security Incident Procedures - 164.308(a)(6)(i) | Threat Detection and Prevention; and Incident Response |
Contingency Plan - 164.308(a)(7)(i) | Business Continuity and Disaster Recovery |
Evaluation - 164.308(a)(8) | Compliance Audits and System Audits |
HIPAA Physical Safeguards | Hellotracks Policies and Controls |
---|---|
Facility Access Controls - 164.310(a)(1) | Facility and Physical Security |
Workstation Use - 164.310(b) | Access Policy and HR & Personnel Security |
Workstation Security - 164.310(c) | Access Policy and HR & Personnel Security |
Device and Media Controls - 164.310(d)(1) | Mobile Device Security and Disposable Media Management; Data Management; and Data Protection |
HIPAA Technical Safeguards | Hellotracks Policies and Controls |
---|---|
Access Control - 164.312(a)(1) | Access Policy |
Audit Controls - 164.312(b) | Compliance Audits and System Audits |
Integrity - 164.312(c)(1) | Access Policy; Compliance Audits and System Audits; and Threat Detection and Prevention |
Person or Entity Authentication - 164.312(d) | Access Policy |
Transmission Security - 164.312(e)(1) | Access Policy; Data Management; and Data Protection |
HIPAA Organizational Requirements | Hellotracks Policies and Controls |
---|---|
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) | Business Associate Agreements; Vendor Management |
HIPAA Policies and Procedures and Documentation Requirements | Hellotracks Policies and Controls |
---|---|
Policies and Procedures - 164.316(a) | Policy Management |
Documentation - 164.316(b)(1)(i) | Policy Management |
HITECH Act - Security Provisions | Hellotracks Policies and Controls |
---|---|
Notification in the Case of Breach - 13402(a) and (b) | Breach Notification |
Timelines of Notification - 13402(d)(1) | Breach Notification |
Content of Notification - 13402(f)(1) | Breach Notification |