HIPAA Mappings to Tuna Policies and Controls
2021.1
Below is a list of HIPAA Safeguards and Requirements and the Tuna policies and controls in place to meet those.
| HIPAA Administrative Controls | Tuna Policies and Controls |
|---|---|
| Security Management Process - 164.308(a)(1)(i) | Risk Management |
| Assigned Security Responsibility - 164.308(a)(2) | Roles and Responsibilities |
| Workforce Security - 164.308(a)(3)(i) | HR & Personnel Security |
| Information Access Management - 164.308(a)(4)(i) | Access Policy; Data Management; and Data Protection |
| Security Awareness and Training - 164.308(a)(5)(i) | Roles and Responsibilities Policy; and HR & Personnel Security |
| Security Incident Procedures - 164.308(a)(6)(i) | Threat Detection and Prevention; and Incident Response |
| Contingency Plan - 164.308(a)(7)(i) | Business Continuity and Disaster Recovery |
| Evaluation - 164.308(a)(8) | Compliance Audits and System Audits |
| HIPAA Physical Safeguards | Tuna Policies and Controls |
|---|---|
| Facility Access Controls - 164.310(a)(1) | Facility and Physical Security |
| Workstation Use - 164.310(b) | Access Policy and HR & Personnel Security |
| Workstation Security - 164.310('c') | Access Policy and HR & Personnel Security |
| Device and Media Controls - 164.310(d)(1) | Mobile Device Security and Disposable Media Management; Data Management; and Data Protection |
| HIPAA Technical Safeguards | Tuna Policies and Controls |
|---|---|
| Access Control - 164.312(a)(1) | Access Policy |
| Audit Controls - 164.312(b) | Compliance Audits and System Audits |
| Integrity - 164.312('c')(1) | Access Policy; Compliance Audits and System Audits; and Threat Detection and Prevention |
| Person or Entity Authentication - 164.312(d) | Access Policy |
| Transmission Security - 164.312(e)(1) | Access Policy; Data Management; and Data Protection |
| HIPAA Organizational Requirements | Tuna Policies and Controls |
|---|---|
| Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) | Business Associate Agreements; Vendor Management |
| HIPAA Policies and Procedures and Documentation Requirements | Tuna Policies and Controls |
|---|---|
| Policies and Procedures - 164.316(a) | Policy Management |
| Documentation - 164.316(b)(1)(i) | Policy Management |
| HITECH Act - Security Provisions | Tuna Policies and Controls |
|---|---|
| Notification in the Case of Breach - 13402(a) and (b) | Breach Notification |
| Timelines of Notification - 13402(d)(1) | Breach Notification |
| Content of Notification - 13402(f)(1) | Breach Notification |