Skip to Content

HIPAA - Integrity 164.312(c)(1)

481  Matthew Burdick September 29, 2022  Technical Safeguards

Overview:
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.


Action Items:
1) Obtain and review policies and procedures regarding the implementation of integrity controls to protect EPHI. Evaluate if the implemented integrity controls appropriately protect the entity's EPHI from improper alteration or destruction. Elements to review may include but are not limited to: What processes are in place to protect ePHI from improper alteration or destruction; How processes protect ePHI from improper alteration or destruction; How processes detect improper alteration or destruction of ePHI; What actions are taken if improper alteration or destruction of ePHI is detected
2) Obtain and review documentation demonstrating processes in place to protect EPHI from improper alteration or destruction. Evaluate and determine whether implementation of process in in accordance with related policies and procedures.
3) Obtain and review documentation demonstrating processes protecting EPHI from improper alteration or destruction. Evaluate and determine whether EPHI is properly protected from alteration or destruction; processes in place to protect EPHI correlates with safeguards identify in integrity control policies and procedures.


Related Documents:
1) Policies and procedures regarding the implementation of integrity controls to protect ePHI.
2) Documentation demonstrating processes in place to protect ePHI from improper alteration or destruction.
3) Documentation demonstrating processes protecting ePHI from improper alteration or destruction.


Additional Guidance:
EPHI that is improperly altered or destroyed can result in clinical quality problems for a covered entity, including patient safety issues. The integrity of data can be compromised by both technical and non-technical sources. Workforce members or business associates may make accidental or intentional changes that improperly alter or destroy EPHI. Data can also be altered or destroyed without human intervention, such as by electronic media errors or failures. The purpose of this standard is to establish and implement policies and procedures for protecting EPHI from being compromised regardless of the source.

 
Not Rated
Secure Code