business, compliances, security

HIPAA Defense in depth

March 15, 2010

HIPAA Compliance:

Section          Standard                        Specification

164.308(a)(1)    Security Management Process     Risk Management

164.308(a)(5)    Security Awareness Training     Log-in Monitoring

164.308(a)(6)    Security Incident Procedures    Response and Reporting

164.312(b)       Audit Controls                  Encryption and Decryption

164.312(c)(1)    Integrity                       Mechanism authenticating PHI

Scope:

  1. Data
  2. Applications
  3. Servers
  4. Subnets
  5. DPA policy control
  6. Network


Requirements:

1) Three-factor authentication

2) Access based on need to know

3) Reasonable protection

4) Encryption

5) Logging of all access and changes at every level