physical safeguards, security (HIPAA)
HIPAA's Security Rule divides its protections into three "safeguard" categories: physical (discussed here), administrative and technical. Each safeguard category includes various standards and implementation specifications.

The Rule defines physical safeguards as "physical measures, policies and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."

The physical safeguards standards and specifications are presented in the matrix below. (For more information on a particular standard, follow the link in the left column.)
| Standard(s) | CFR section | Implementation Specification (r)=required; (a)=addressable |
|---|---|---|
| facility access controls | 164.310(a)(1) | contingency operations (a) |
| | | facility security plan (a) |
| | | access control and validation procedures (a) |
| | | maintenance records (a) |
| workstation use | 164.310(b) | (r) |
| workstation security | 164.310(c) | (r) |
| device and media controls | 164.310(d)(1) | disposal (r) |
| | | media re-use (r) |
| | | accountability (a) |
| | | data backup and storage (a) |
Source: Appendix A to Subpart C of Part 164