Security Incident - Documentation Policies, v1.0
Specifies that a health care related organization must have policies to document security incidents and their outcomes.
Assessment Step
1
Policies to Document (PoliciestoDocument)
Does the covered entity or business associate have policies to document security incidents and their outcomes?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
|
A covered entity or business associate must perform these requirements in accordance with Section 164.306 (Security standards: General rules).
Conformance Criteria (1)
Policies to Document
The covered entity or business associate must have policies to document security incidents and their outcomes.
Citations
HIPAA-Security-Rule
45 CFR Section 164.308(a)(6)(ii)
HIPAA-Security-Rule
45 CFR Section 164.306
|