Fluid Attacks Database

HIPAA

Last updated: 2023/09/18

The Health Insurance Portability and Accountability Act of 1996 required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. The version used in this section is the HIPAA Rules 2013 update.

Control-Requirement Mapping

Definition	Requirements
164_308_a_1_ii_D. Information system activity review (required)	084. Allow transaction history queries 085. Allow session history queries
164_308_a_3_i. Standard: workforce security	095. Define users with privileges
164_308_a_3_ii_A. Authorization or supervision (addressable)	034. Manage user accounts
164_310_a_2_iii. Access control and validation procedures (addressable)	114. Deny access with inactive credentials 229. Request access credentials 231. Implement a biometric verification component 095. Define users with privileges
164_310_d_2_i. Disposal (required)	214. Allow data destruction
164_312_a_1. Standard: access control	229. Request access credentials 096. Set user's required privileges
164_312_a_2_i. Unique user identification (required)	143. Unique access credentials
164_312_a_2_iii. Automatic logoff (addressable)	023. Terminate inactive user sessions
164_312_a_2_iv. Encryption and decryption (addressable)	147. Use pre-existent mechanisms 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 370. Use OAEP padding with RSA 371. Use GCM Padding with AES 372. Proper Use of Initialization Vector (IV)
164_312_b. Standard: audit controls	075. Record exceptional events in logs
164_312_d. Standard: person or entity authentication	229. Request access credentials 231. Implement a biometric verification component 096. Set user's required privileges
164_312_e_1. Standard: transmission security	255. Allow access only to the necessary ports 257. Access based on user credentials
164_312_e_2_i. Integrity controls (addressable)	214. Allow data destruction

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.