Skip to content

2. HIPAA Inheritance#

2.1 HIPAA Inheritance#

Administrative Controls HIPAA Rule WayToHealth Control Inherited
Security Management Process - 164.308(a)(1)(i) Risk Management Policy Yes
Assigned Security Responsibility - 164.308(a)(2) Roles Policy Partially
Workforce Security - 164.308(a)(3)(i) Employee Policies Yes
Information Access Management - 164.308(a)(4)(i) System Access Policy Yes
Security Awareness and Training - 164.308(a)(5)(i) Employee Policy No
Security Incident Procedures - 164.308(a)(6)(i) IDS Policy Yes
Contingency Plan - 164.308(a)(7)(i) Disaster Recovery Policy Yes
Evaluation - 164.308(a)(8) Auditing Policy Partially
Physical Safeguards HIPAA Rule WayToHealth Control Inherited
Facility Access Controls - 164.310(a)(1) Facility and Disaster Recovery Policies Yes
Workstation Use - 164.310(b) System Access, Approved Tools, and Employee Policies Yes
Workstation Security - 164.310('c') System Access, Approved Tools, and Employee Policies Yes
Device and Media Controls - 164.310(d)(1) Disposable Media and Data Management Policies Yes
Technical Safeguards HIPAA Rule WayToHealth Control Inherited
Access Control - 164.312(a)(1) System Access Policy Partially
Audit Controls - 164.312(b) Auditing Policy Partially
Integrity - 164.312('c')(1) System Access, Auditing, and IDS Policies Yes (optional)
Person or Entity Authentication - 164.312(d) System Access Policy Yes
Transmission Security - 164.312(e)(1) System Access and Data Management Policy Yes
Organizational Requirements HIPAA Rule WayToHealth Control Inherited
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) Business Associate Agreements and 3rd Parties Policies Yes
Policies and Procedures and Documentation Requirements HIPAA Rule WayToHealth Control Inherited
Policies and Procedures - 164.316(a) Policy Management Policy Partially
Documentation - 164.316(b)(1)(i) Policy Management Policy Partially
HITECH Act - Security Provisions HIPAA Rule WayToHealth Control Inherited
Notification in the Case of Breach - 13402(a) and (b) Breach Policy Partially
Timelines of Notification - 13402(d)(1) Breach Policy Partially
Content of Notification - 13402(f)(1) Breach Policy Partially

2.2 HIPAA Inheritance for Platform Add-on Customers#

Administrative Controls HIPAA Rule WayToHealth Control Inherited
Security Management Process - 164.308(a)(1)(i) Risk Management Policy Partially
Assigned Security Responsibility - 164.308(a)(2) Roles Policy Partially
Workforce Security - 164.308(a)(3)(i) Employee Policies Yes
Information Access Management - 164.308(a)(4)(i) System Access Policy Partially
Security Awareness and Training - 164.308(a)(5)(i) Employee Policy Yes
Security Incident Procedures - 164.308(a)(6)(i) IDS Policy No
Contingency Plan - 164.308(a)(7)(i) Disaster Recovery Policy Partially
Evaluation - 164.308(a)(8) Auditing Policy Yes
Physical Safeguards HIPAA Rule WayToHealth Control Inherited
Facility Access Controls - 164.310(a)(1) Facility and Disaster Recovery Policies Yes
Workstation Use - 164.310(b) System Access, Approved Tools, and Employee Policies Yes
Workstation Security - 164.310('c') System Access, Approved Tools, and Employee Policies Yes
Device and Media Controls - 164.310(d)(1) Disposable Media and Data Management Policies Yes
Technical Safeguards HIPAA Rule WayToHealth Control Inherited
Access Control - 164.312(a)(1) System Access Policy Yes
Audit Controls - 164.312(b) Auditing Policy Yes
Integrity - 164.312('c')(1) System Access, Auditing, and IDS Policies Partially
Person or Entity Authentication - 164.312(d) System Access Policy Partially
Transmission Security - 164.312(e)(1) System Access and Data Management Policy Yes
Organizational Requirements HIPAA Rule WayToHealth Control Inherited
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i) Business Associate Agreements and 3rd Parties Policies Yes
Policies and Procedures and Documentation Requirements HIPAA Rule WayToHealth Control Inherited
Policies and Procedures - 164.316(a) Policy Management Policy Partially
Documentation - 164.316(b)(1)(i) Policy Management Policy Partially
HITECH Act - Security Provisions HIPAA Rule WayToHealth Control Inherited
Notification in the Case of Breach - 13402(a) and (b) Breach Policy Partially
Timelines of Notification - 13402(d)(1) Breach Policy Partially
Content of Notification - 13402(f)(1) Breach Policy Partially
Back to top