HIPAA Mappings to Pact Controls
Below is a list of HIPAA Safeguards and Requirements and the Pact controls in place to meet them.

| Administrative Controls HIPAA Rule | Pact Control |
| --- | --- |
| Security Management Process - 164.308(a)(1)(i) | Risk Management Policy |
| Assigned Security Responsibility - 164.308(a)(2) | Roles Policy |
| Workforce Security - 164.308(a)(3)(i) | Employee Policies |
| Information Access Management - 164.308(a)(4)(i) | System Access Policy |
| Security Awareness and Training - 164.308(a)(5)(i) | Employee Policy |
| Security Incident Procedures - 164.308(a)(6)(i) | IDS Policy |
| Contingency Plan - 164.308(a)(7)(i) | Disaster Recovery Policy |
| Evaluation - 164.308(a)(8) | Auditing Policy |

| Physical Safeguards HIPAA Rule | Pact Control |
| --- | --- |
| Facility Access Controls - 164.310(a)(1) | Facility and Disaster Recovery Policies |
| Workstation Use - 164.310(b) | System Access, Approved Tools, and Employee Policies |
| Workstation Security - 164.310(c) | System Access, Approved Tools, and Employee Policies |
| Device and Media Controls - 164.310(d)(1) | Disposable Media and Data Management Policies |

| Technical Safeguards HIPAA Rule | Pact Control |
| --- | --- |
| Access Control - 164.312(a)(1) | System Access Policy |
| Audit Controls - 164.312(b) | Auditing Policy |
| Integrity - 164.312(c)(1) | System Access, Auditing, and IDS Policies |
| Person or Entity Authentication - 164.312(d) | System Access Policy |
| Transmission Security - 164.312(e)(1) | System Access and Data Management Policy |

| Organizational Requirements HIPAA Rule | Pact Control |
| --- | --- |
| Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) | Business Associate Agreements and 3rd Parties Policies |

| Policies and Procedures and Documentation Requirements HIPAA Rule | Pact Control |
| --- | --- |
| Policies and Procedures - 164.316(a) | Policy Management Policy |
| Documentation - 164.316(b)(1)(i) | Policy Management Policy |

| HITECH Act - Security Provisions HIPAA Rule | Pact Control |
| --- | --- |
| Notification in the Case of Breach - 13402(a) and (b) | Breach Policy |
| Timeliness of Notification - 13402(d)(1) | Breach Policy |
| Content of Notification - 13402(f)(1) | Breach Policy |