Integrity

§164.312(c)(1): Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Audit Inquiry

Does the entity have policies and procedures in place to protect ePHI from improper alteration or destruction?

Does the entity protect ePHI form improper alteration or destruction?

Obtain and review policies and procedures regarding the implementation of integrity controls to protect ePHI. Evaluate if the implemented integrity controls appropriately protect the entity’s ePHI from improper alteration or destruction.

Elements to review may include but are not limited to:
• What processes are in place to protect ePHI from improper alteration or destruction
• How processes protect ePHI from improper alteration or destruction
• How processes detect improper alteration or destruction of ePHI
• What actions are taken if improper alteration or destruction of ePHI is detected

Obtain and review documentation demonstrating processes in place to protect ePHI from improper alteration or destruction. Evaluate and determine whether implementation of process in in accordance with related policies and procedures.

Obtain and review documentation demonstrating processes protecting ePHI from improper alteration or destruction. Evaluate and determine whether ePHI is properly protected from alteration or destruction; processes in place to protect ePHI correlates with safeguards identify in integrity control policies and procedures.

Required/Addressable

Required