Transmission

§164.312(e)(1): Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

Audit Inquiry

Does the entity have policies and procedures in place to implement technical security controls to guard against unauthorized access to ePHI transmitted over electronic communications networks?

Does the entity have security controls to guard against unauthorized access to ePHI transmitted over electronic communications networks?

Obtain and review policies and procedures related to transmission security controls. Evaluate content relative to the specified criteria to determine that the technical security controls implemented guards against unauthorized access to ePHI transmitted over electronic communication networks.

Elements to review may include but are not limited to:
• Identify the various methods, devices, and networks used to electronically transmit ePHI
• The procedures to evaluate and select appropriate technical controls to secure ePHI transmitted across all of its devices and networks
• Identify the technical security controls implemented to guard against unauthorized access to ePHI transmitted over electronic communication networks

Obtain and review documentation demonstrating the implementation of technical security measures to protect electronic transmissions of ePHI. Evaluate the content in relation to the specified criteria to determine that the implemented technical security measures are sufficient to guard against unauthorized access to the electronically transmitted ePHI.

Required/Addressable

Required