§164.308(a): A covered entity or business associate must, in accordance with §164.306:
(1)(i) Implement policies and procedures to prevent, detect, contain, and correct security violations.

Audit Inquiry

Does the entity have written policies and procedures in place to prevent, detect, contain and correct security violations?

Does the entity prevent, detect, contain and correct security violations?

Obtain and review policies and procedures related to security violations. Evaluate the content relative to the specified performance criteria for countermeasures or safeguards implemented to prevent, detect, contain and correct security violations.

Obtain and review documentation demonstrating that policies and procedures have been implemented to prevent, detect, contain, and correct security violations. Evaluate and determine if the process used is in accordance with related policies and procedures.

Obtain and review documentation of security violations and remediation actions. Evaluate and determine if security violations were handled in accordance with the related policies and procedures, including whether safeguards or countermeasures are in place to prevent violations from occurring, to identify and characterize violations as they happen, and to limit the extent of any damages caused by violations, and whether a corrective action plan is in place to manage risk.