
TPM-09 HIPAA Business Associate Subcontractor Agreement

Control Description

Organization requires a Business Associate Subcontractor Agreement with Business Associates from which it receives or transmits protected health information (PHI). Business Associates under contract are required to provide assurance that they adhere to Organization's security standards, which include the security of PHI and the reporting of security events that potentially expose PHI.

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

Implementation Guidance

1. Ensure there is a documented business associate subcontractor agreement which includes, but is not limited to, the security of PHI and the reporting of security events that potentially expose PHI.
2. Ensure that all business associates are under this agreement and provide assurance that they adhere to Organization's security standards.

Testing Procedure

1. Inspect Organization's Business Associate Subcontractor Agreement document.
2. Inspect an executed agreement for Organization's Business Associate for evidence that Business Associates provide assurance that they comply with Organization's security standards, which include the security of PHI and the reporting of security events that potentially expose PHI.

Audit Artifacts

E-TPM-14

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
