



The Health Insurance Portability and Accountability Act of 1996 required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. The version used in this section is the HIPAA Rules 2013 update.


164_308_a_1_ii_D. Information system activity review (required)
  084. Allow transaction history queries
  085. Allow session history queries

164_308_a_3_i. Standard: workforce security
  095. Define users with privileges

164_308_a_3_ii_A. Authorization or supervision (addressable)
  034. Manage user accounts

164_310_a_2_iii. Access control and validation procedures (addressable)
  095. Define users with privileges
  114. Deny access with inactive credentials
  229. Request access credentials
  231. Implement a biometric verification component

164_310_d_2_i. Disposal (required)
  214. Allow data destruction

164_312_a_1. Standard: access control
  096. Set user's required privileges
  229. Request access credentials

164_312_a_2_i. Unique user identification (required)
  143. Unique access credentials

164_312_a_2_iii. Automatic logoff (addressable)
  023. Terminate inactive user sessions

164_312_a_2_iv. Encryption and decryption (addressable)
  147. Use pre-existent mechanisms
  148. Set minimum size of asymmetric encryption
  149. Set minimum size of symmetric encryption
  370. Use OAEP padding with RSA
  371. Use GCM Padding with AES
  372. Proper Use of Initialization Vector (IV)

164_312_b. Standard: audit controls
  075. Record exceptional events in logs

164_312_d. Standard: person or entity authentication
  096. Set user's required privileges
  229. Request access credentials
  231. Implement a biometric verification component

164_312_e_1. Standard: transmission security
  255. Allow access only to the necessary ports
  257. Access based on user credentials

164_312_e_2_i. Integrity controls (addressable)
  214. Allow data destruction