{"frameworkId":"hipaa","label":"HIPAA","version":"Security Rule","description":"Health Insurance Portability and Accountability Act \u2014 US law governing the protection of protected health information (PHI) across healthcare entities and their business associates.","homepageUrl":"https://www.hhs.gov/hipaa/index.html","css":"fw-hipaa","totalControls":59,"registryKey":"hipaa","csvColumn":"Hipaa","displayOrder":8,"scoring":{"method":"criteria-coverage","criteria":{"\u00a7164.308":{"label":"Administrative Safeguards","description":"Security management, access management, training, and contingency planning"},"\u00a7164.310":{"label":"Physical Safeguards","description":"Facility access controls, workstation use, and device/media controls"},"\u00a7164.312":{"label":"Technical Safeguards","description":"Access control, audit controls, integrity, transmission security"},"\u00a7164.314":{"label":"Organizational Requirements","description":"Business associate contracts and group health plan requirements"},"\u00a7164.316":{"label":"Policies and Procedures","description":"Documentation requirements and record retention"}}},"colors":{"light":{"background":"#fdf2f8","color":"#9d174d"},"dark":{"background":"#831843","color":"#F9A8D4"}}}
|