This entry is part 9 of 59 in the series Complete Guide to HIPAA Security Final Rule

(a)(1) Standard: Facility access controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.

The Facility access controls standard includes four (4) implementation specifications:

  • (i) Contingency operations (Addressable).
  • (ii) Facility security plan (Addressable).
  • (iii) Access control and validation procedures (Addressable).
  • (iv) Maintenance records (Addressable).
Series Navigation<< 164.316(a) Policies and procedures and documentation requirements – Standard: Policies and procedures164.312(a)(2)(i) Standard: Access control – Unique user identification >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.