About GPO   |   Newsroom/Media   |   Congressional Relations   |   Inspector General   |   Careers   |   Contact   |   askGPO   |   Help  
Home   |   Customers   |   Vendors   |   Libraries  

The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.


Electronic Code of Federal Regulations

e-CFR Data is current as of April 15, 2014

Title 45: Public Welfare
Subpart C—Security Standards for the Protection of Electronic Protected Health Information

Appendix A to Subpart C of Part 164—Security Standards: Matrix

Standards Sections Implementation Specifications (R)=Required, (A)=Addressable
Administrative Safeguards
Security Management Process164.308(a)(1)Risk Analysis (R)
   Risk Management (R)
   Sanction Policy (R)
   Information System Activity Review (R)
Assigned Security Responsibility164.308(a)(2)(R)
Workforce Security164.308(a)(3)Authorization and/or Supervision (A)
Workforce Clearance Procedure
   Termination Procedures (A)
Information Access Management164.308(a)(4)Isolating Health care Clearinghouse Function (R)
   Access Authorization (A)
   Access Establishment and Modification (A)
Security Awareness and Training164.308(a)(5)Security Reminders (A)
   Protection from Malicious Software (A)
   Log-in Monitoring (A)
   Password Management (A)
Security Incident Procedures164.308(a)(6)Response and Reporting (R)
Contingency Plan164.308(a)(7)Data Backup Plan (R)
   Disaster Recovery Plan (R)
   Emergency Mode Operation Plan (R)
   Testing and Revision Procedure (A)
   Applications and Data Criticality Analysis (A)
Business Associate Contracts and Other Arrangement164.308(b)(1)Written Contract or Other Arrangement (R)
Physical Safeguards
Facility Access Controls164.310(a)(1)Contingency Operations (A)
   Facility Security Plan (A)
   Access Control and Validation Procedures (A)
   Maintenance Records (A)
Workstation Use164.310(b)(R)
Workstation Security164.310(c)(R)
Device and Media Controls164.310(d)(1)Disposal (R)
   Media Re-use (R)
   Accountability (A)
      Data Backup and Storage (A)
Technical Safeguards (see §164.312)
Access Control164.312(a)(1)Unique User Identification (R)
   Emergency Access Procedure (R)
   Automatic Logoff (A)
   Encryption and Decryption (A)
Audit Controls164.312(b)(R)
Integrity164.312(c)(1)Mechanism to Authenticate Electronic Protected Health Information (A)
Person or Entity Authentication164.312(d)(R)
Transmission Security164.312(e)(1)Integrity Controls (A)
   Encryption (A)

For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.
For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.