HIPAA - Ensure Confidentiality, Integrity and Availability 164.306(a)
Overview:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
(4) Ensure compliance with this subpart by its workforce.
Action Items:
1) Obtain and review documentation related to the confidentiality, integrity, and availability of electronic protected health information.
2) Evaluate and determine if mechanisms are in place to protect against reasonably anticipated threats or hazards to the security or integrity of ePHI.
3) Evaluate and determine if mechanisms are in place to protect against reasonably anticipated uses or disclosures of ePHI that are not permitted or required by the Privacy Rule.
4) Interview relevant personnel to confirm that compliance by the workforce is ongoing.
Related Documents:
1) Information Security Policy
Additional Guidance:
Specifically, does the covered entity or business associate:
1. Ensure confidentiality, integrity and availability of ePHI?
2. Protect against reasonably anticipated threats or hazards to the security or integrity of ePHI?
3. Protect against reasonably anticipated uses or disclosures of ePHI that are not permitted or required by the Privacy Rule?
4. Ensure compliance with the Security Rule by its workforce?