Access - Authentication, v1.0

Defines privacy requirements related to individuals' ability to obtain their sensitive information.

Assessment Step

1
Access - Authentication (Access-Authentication)
Does the organization require individuals to be able to obtain their sensitive information consistent with security needs for authentication of the individual?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
Individuals should be able to obtain their individually identifiable health information consistent with security needs for authentication of the individual.
Citation
HHS-PSF
Section II, Individual Access