Access Control - Emergency Access Procedure, v1.0

Specifies that a health care related organization must establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.

Assessment Step

1
Obtain PHI During Emergency (ObtainPHIDuringEmergency)
Does the covered entity or business associate establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
A covered entity or business associate must perform these requirements in accordance with Section 164.306 (Security standards: General rules).

Conformance Criteria (1)

Obtain PHI During Emergency
The covered entity or business associate must establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
Citations
HIPAA-Security-Rule
45 CFR Section 164.306
HIPAA-Security-Rule
45 CFR Section 164.312(a)(2)(ii)