HIPPA MAppings

Healthcare Compliance

Risk Management

Data Protection

HIPAA Mappings to CloudCore Policies and Controls Below is a list of HIPAA Safeguards and Requirements and the CloudCore policies and controls in place to meet those.

Title	HIPPA MAppings
Doc#	DOC-DATA-004
Version	1.0
Date	07-07-2023

HIPAA Mappings to CloudCore Policies and Controls

Below is a list of HIPAA Safeguards and Requirements and the CloudCore policies and controls in place to meet those.

HIPAA Administrative Controls	CloudCore Policies and Controls
Security Management Process - 164.308(a)(1)(i)	Risk Management
Assigned Security Responsibility - 164.308(a)(2)	Roles and Responsibilities
Workforce Security - 164.308(a)(3)(i)	HR & Personnel Security
Information Access Management - 164.308(a)(4)(i)	Access Policy; Data Management; and Data Protection
Security Awareness and Training - 164.308(a)(5)(i)	Roles and Responsibilities Policy; and HR & Personnel Security
Security Incident Procedures - 164.308(a)(6)(i)	Threat Detection and Prevention; and Incident Response
Contingency Plan - 164.308(a)(7)(i)	Business Continuity and Disaster Recovery
Evaluation - 164.308(a)(8)	Compliance Audits and System Audits

HIPAA Physical Safeguards	CloudCore Policies and Controls
Facility Access Controls - 164.310(a)(1)	Facility and Physical Security
Workstation Use - 164.310(b)	Access Policy and HR & Personnel Security
Workstation Security - 164.310(‘c’)	Access Policy and HR & Personnel Security
Device and Media Controls - 164.310(d)(1)	Mobile Device Security and Disposable Media Management; Data Management; and Data Protection

HIPAA Technical Safeguards	CloudCore Policies and Controls
Access Control - 164.312(a)(1)	Access Policy
Audit Controls - 164.312(b)	Compliance Audits and System Audits
Integrity - 164.312(‘c’)(1)	Access Policy; Compliance Audits and System Audits; and Threat Detection and Prevention
Person or Entity Authentication - 164.312(d)	Access Policy
Transmission Security - 164.312(e)(1)	Access Policy; Data Management; and Data Protection

HIPAA Organisational Requirements	CloudCore Policies and Controls
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i)	Business Associate Agreements; Vendor Management

HIPAA Policies and Procedures and Documentation Requirements	CloudCore Policies and Controls
Policies and Procedures - 164.316(a)	Policy Management
Documentation - 164.316(b)(1)(i)	Policy Management

HITECH Act - Security Provisions	CloudCore Policies and Controls
Notification in the Case of Breach - 13402(a) and (b)	Breach Notification
Timelines of Notification - 13402(d)(1)	Breach Notification
Content of Notification - 13402(f)(1)	Breach Notification