on May 25, 2016The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that providers, health plans, clearinghouses, and their business associates establish appropriate administrative, technical, and physical safeguards to protect the privacy and security of sensitive health information.
Dependencies
The HIPAA compliance reports have the following dependencies.
| SA Rules | SA Lists | App Rules |
|---|---|---|
| Accounts Created Accounts Deleted Accounts Modified Group Management Password Changes Password Changes Summary User Access Revoked Change in Audit Settings Access To Compliance Data Details Access to Compliance Data Summary Admin Access to Compliance Systems Details Admin Access to Compliance Systems Summary User Access to Compliance Systems Details User Access to Compliance Systems Summary Logon Failures Details Logon Failures Summary Failed Escalation of Privileges Details Successful Escalation Of Privileges Details Failed Escalation of Privileges Summary Successful Escalation of Privileges Summary | Administrative Users Compliance Data Compliance Systems | account:created account:deleted account:modified account:logon-success alm:cardholder-data account:logon-success config:change-audit-setting account:group-management account:logon-failure account:password-change access:user-access-revoked |
Citations
The HIPAA reports have the following Citations.
| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Access to Compliance Data - Detail Access to Compliance Data - Top 25 | 164.308(a)4(ii)(B) | Access Authorization (Addressable). |
| Accounts Created | 164.308(a)4(i)(C) | Access establishment and modification (Addressable). |
| Accounts Deleted | 164.308(a)4(i)(C) | Access establishment and modification (Addressable). |
| Accounts Modified | 164.308(a)4(i)(C) | Access establishment and modification (Addressable). |
| Admin Access to Compliance Systems - Detail | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| Admin Access to Compliance Systems - Top 25 | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| Change in Audit Settings | 164.312(B) | Standard: Audit Controls. |
| Escalation of Privileges - Detail Escalation of Privileges - Top 25 | 164.308(a)4(i)(C) | |
| Group Management | 164.308(a)4(i)(C) | Access establishment and modification (Addressable). |
| Logon Failures - Detail | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| Logon Failures - Top 25 | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| Password Changes - Detail Password Changes - Top 25 | 164.308(a)5(ii)(D) | Password management (Addressable). |
| User Access Revoked | 164.308(a)3(ii)(C) | Termination procedures (Addressable). |
| User Access to Compliance Systems - Detail | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| User Access to Compliance Systems - Top 25 | 164.308(a)(5)(ii)(C) | Log-in monitoring (Addressable). |
| Account Management | 164.308(a)4(i)(C) | Access establishment and modification (Addressable). |
