§164.312(e)(2)(i): Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
Audit Inquiry
Does the entity have policies and procedures in place to implement security measures to ensure that electronically transmitted ePHI cannot be improperly modified without detection until disposed of.
Obtain and review policies and procedures related to transmission security measures. Evaluate content relative to the specified criteria to determine that the security measures are implemented to ensure that electronically transmitted ePHI cannot be improperly modified without detection.
Elements to review may include but are not limited to:
• The security measures in place to ensure that electronically transmitted ePHI has not been improperly modified without detection
• How to detect if transmitted ePHI has been improperly modified
Obtain and review documentation demonstrating the implementation of security measures to protect electronic transmissions of ePHI. Evaluate the content to determine if the implemented security measures ensure that electronically transmitted PHI cannot be improperly modified without detection.
Has the entity chosen to implement an alternative measure?
If yes, obtain and review entity documentation of why it has determined that the implementation specification is not a reasonable and appropriate safeguard and what equivalent alternative measure has been implemented instead.
Evaluate documentation and assess whether the alternative measure implemented is equivalent to the protections afforded by the implementation specification.
Required/Addressable
Addressable