HIPAA Security Policies

Administrative Safeguards

Policies and Procedures Standards

Information Security Strategy 

Documentation Standard

Risk Analysis

Risk Management

TS-3 Sanction Policy

TS-4 Information System Activity Review

TS-5 Assigned Security Responsibility

TS-6 Authorization and/or Supervision

TS-7 Workforce Clearance Procedure

TS-8 Termination Procedures

Isolating Healthcare Clearinghouse Functions

TS-10 Access Authorization Policy

TS-11 Access Establishment and Modification

TS-12 Security Reminders

TS-13 Protection from Malicious Software

TS-14 Log-in Monitoring

TS-15 Password Management

TS-16 Response and Reporting

TS-17 Data Backup Plan

TS-18 Data Recovery Plan

TS-19 Emergency Mode Operation Plan

TS-20 Testing and Revision Procedure

Applications and Data Criticality Analysis

TS-22 Evaluation Policy

Physical Safeguards

TS-24 Contingency Operations

TS-25 Facility Security Plan

TS-26 Access Control and Validation

TS-27 Maintenance Records Policy

TS-28 Workstation Use Policy

Workstation Security

TS-30 Disposal Policy

TS-31 Media Reuse

TS-32 Accountability

TS-33 Data Backup and Storage

Technical Safeguards

TS-34 Unique User Identification

TS-35 Emergency Access Procedure

TS-36 Automatic Logoff

Encryption and Decryption

TS-38 Audit Controls

TS-39 Mechanism to Authenticate E-PHI

TS-40 Person or Entity Authentication

TS-41 Integrity Controls

TS-42 Encryption Policy