Accountability - Compliance Monitoring, v1.0

Defines privacy requirements related to monitoring for internal compliance for access and disclosure of sensitive information.

Assessment Step

1
Accountability - Compliance Monitoring (Accountability-ComplianceMonitoring)
Does the organization require persons and entities, that participate in a network for the purpose of electronic exchange of sensitive information, to address monitoring for internal compliance including authentication and authorizations for access to or disclosure of sensitive information?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Types (required)
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
Persons and entities, that participate in a network for the purpose of electronic exchange of individually identifiable health information, should address monitoring for internal compliance including authentication and authorizations for access to or disclosure of individually identifiable health information.
Citation
HHS-PSF
Section II, Accountability