This entry is part 16 of 59 in the series Complete Guide to HIPAA Security Final Rule

(a)(1) Standard: Access control.  Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).

The Access control standard includes four (4) implementation specifications:

  • (i) Unique user identification (Required).
  • (ii) Emergency access procedure (Required).
  • (iii) Automatic logoff (Addressable).
  • (iv) Encryption and decryption (Addressable).
Series Navigation<< 164.308(a)(5)(ii)(A) Standard: Security awareness and training – Security reminders164.312(c)(1) Technical safeguards – Standard: Integrity >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.