Young hacker smiling

REQ.097 Define control access model

This document contains the details of the security requirements related to the definition and management of access control in the organization. This requirement establishes the importance of defining a control access model to the systems and the sensitive information there stored.

Requirement

The organization must define a control access model for the systems.

References

  1. HIPAA Security Rules 164.312(a)(1): Access Control: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4)

  2. HIPAA Security Rules 164.312(d): Person or Entity Authentication: Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.


Service status - Terms of Use