
TA-07 Role-based Security Training: HIPAA

>Control Description

Organization personnel with access to personal health information (PHI) are required to attend and complete HIPAA privacy training.

Theme

People

Type

Preventive

Policy/Standard

Training & Awareness Procedure

>Implementation Guidance

1. Ensure access to sensitive information, including PHI, is given only to a limited set of employees (based on roles and responsibilities), and maintain records of that access.
2. Ensure every employee who accesses PHI completes mandatory HIPAA security and privacy training.
3. Maintain the training records for tracking purposes.

>Testing Procedure

1. Inspect the population of Organization personnel who have access to PHI.
2. Inspect completion records for a sample of employees with access to PHI, for evidence that the employees had completed HIPAA security and privacy training.

>Audit Artifacts

E-TA-05
E-TA-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
