Access Control - Automatic Logoff, v1.0

Specifies that a health care related organization must implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

Assessment Step

1
Terminate After Inactivity (TerminateAfterInactivity)
Does the covered entity or business associate implement electronic procedures that terminate an electronic session after a predetermined time of inactivity?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
A covered entity or business associate must perform these requirements in accordance with Section 164.306 (Security standards: General rules).

Conformance Criteria (1)

Terminate After Inactivity
The covered entity or business associate must implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Citations
HIPAA-Security-Rule
45 CFR Section 164.312(a)(2)(iii)
HIPAA-Security-Rule
45 CFR Section 164.306