Appropriate Safeguards to Protect Data - Prevent Disclosure, v1.0

Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by preventing disclosure that is in violation of regulations.
A covered entity that is a group health plan is not subject to the standards or implementation specifications in this trustmark, but see Section 164.530(k) for specific exclusions.

Assessment Step

1
Prevent PHI Disclosure (PreventPHIDisclosure)
Does the covered entity have policies and procedures for appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information from any intentional or unintentional use or disclosure and to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure under Section 164.500-599?
Artifact
A1
Provide evidence (e.g., organizational policies, procedures, compliance/assessment reports) that supports the assessor's response to this assessment step.
The covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.

Conformance Criteria (1)

Appropriate PHI Safeguards
The covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of Section 164.500-599.
Citation
HIPAA-Privacy-Rule
45 CFR Section 164.530(c)(2)(i)