controls/frameworks/hipaa.json

{
  "frameworkId": "hipaa",
  "label": "HIPAA",
  "version": "Security Rule",
  "description": "Health Insurance Portability and Accountability Act — a US law governing the safeguarding of protected health information (PHI) by healthcare entities and their business associates.",
  "homepageUrl": "https://www.hhs.gov/hipaa/index.html",
  "css": "fw-hipaa",
  "totalControls": 59,
  "registryKey": "hipaa",
  "csvColumn": "Hipaa",
  "displayOrder": 8,
  "scoring": {
    "method": "criteria-coverage",
    "criteria": {
      "§164.308": {
        "label": "Administrative Safeguards",
        "description": "Security management, access management, training, and contingency planning"
      },
      "§164.310": {
        "label": "Physical Safeguards",
        "description": "Facility access controls, workstation use, and device/media controls"
      },
      "§164.312": {
        "label": "Technical Safeguards",
        "description": "Access control, audit controls, integrity, and transmission security"
      },
      "§164.314": {
        "label": "Organizational Requirements",
        "description": "Business associate contracts and group health plan requirements"
      },
      "§164.316": {
        "label": "Policies and Procedures",
        "description": "Documentation requirements and record retention"
      }
    }
  },
  "colors": {
    "light": {
      "background": "#fdf2f8",
      "color": "#9d174d"
    },
    "dark": {
      "background": "#831843",
      "color": "#F9A8D4"
    }
  }
}