Organizational Requirements


4.20. Requirements for Group Health Plans (§ 164.314(b)(1))

Standard: Requirements for group health plans. Except when the only electronic protected health information disclosed to a plan sponsor is disclosed pursuant to § 164.504(f)(1)(ii) or (iii), or as authorized under § 164.508, a group health plan must ensure that its plan documents provide that the plan sponsor will reasonably and appropriately safeguard electronic protected health information created, received, maintained, or transmitted to or by the plan sponsor on behalf of the group health plan.

Implementation specifications (Required). The plan documents of the group health plan must be amended to incorporate provisions to require the plan sponsor to—

- Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits on behalf of the group health plan;
- Ensure that the adequate separation required by § 164.504(f)(2)(iii) is supported by reasonable and appropriate security measures;
- Ensure that any agent to whom it provides this information agrees to implement reasonable and appropriate security measures to protect the information; and
- Report to the group health plan any security incident of which it becomes aware.




What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
