This entry is part 3 of 59 in the series Complete Guide to HIPAA Security Final Rule

(a) A covered entity must, in accordance with § 164.306:

(4)(i) Standard: Information access management. Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.

The information access management standard has three(3) implementation specifications:

  • (A) Isolating health care clearinghouse functions (Required).
  • (B) Access authorization (Addressable).
  • (C) Access establishment and modification (Addressable).
Series Navigation<< 164.308(a)(1)(i) Administrative safeguards – Standard: Security management process164.312 Technical safeguards >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.