Health Insurance Portability and Accountability Act

Security management, workforce security, information access, security awareness, and contingency planning.

Facility access, workstation security, and device/media controls.

Access control, audit controls, integrity mechanisms, and transmission security.

Business associate agreements, group health plan requirements, and policies.

Individual notification, media notification, HHS notification, and breach risk assessment.