Information Access Management - Isolating Health Care Clearinghouse Functions Procedures, v1.0

Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.
This assessment only applies if a health care clearinghouse is part of a larger organization.

Assessment Step

1
Procedures to Isolate (ProcedurestoIsolate)
Does the health care clearinghouse implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
A covered entity or business associate must perform these requirements in accordance with Section 164.306 (Security standards: General rules).

Conformance Criteria (1)

Isolate Clearinghouse
If a health care clearinghouse is part of a larger organization, the clearinghouse must implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.
Citations
HIPAA-Security-Rule
45 CFR Section 164.306
HIPAA-Security-Rule
45 CFR Section 164.308(a)(4)(ii)(A)