Loading controls...
Benchmark: 164.314(b)(1) Requirements for group health plans
Description
Except when the only electronic protected health information disclosed to a plan sponsor is disclosed pursuant to 164.504(f)(1)(ii) or (iii), or as authorized under 164.508, a group health plan must ensure that its plan documents provide that the plan sponsor will reasonably and appropriately safeguard electronic protected health information created, received, maintained, or transmitted to or by the plan sponsor on behalf of the group health plan.
Usage
Browse dashboards and select 164.314(b)(1) Requirements for group health plans:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_1Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_1Controls
- CloudTrail trail logs should be encrypted with KMS CMK
- DynamoDB Accelerator (DAX) clusters should be encrypted at rest
- DynamoDB table should have encryption enabled
- Attached EBS volumes should have encryption enabled
- EBS default encryption should be enabled
- EKS clusters should be configured to have kubernetes secrets encrypted using KMS
- ELB classic load balancers should only use SSL or HTTPS listeners
- ES domain encryption at rest should be enabled
- Elasticsearch domain node-to-node encryption should be enabled
- OpenSearch domains should have encryption at rest enabled
- OpenSearch domains should use HTTPS
- OpenSearch domains node-to-node encryption should be enabled
- RDS DB instance encryption at rest should be enabled
- RDS DB snapshots should be encrypted at rest
- Redshift cluster encryption in transit should be enabled
- AWS Redshift clusters should be encrypted with KMS
- Redshift clusters should prohibit public access
- S3 bucket default encryption should be enabled
- S3 bucket default encryption should be enabled with KMS
- S3 buckets should enforce SSL
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 public access should be blocked at account level
- SageMaker endpoint configuration encryption should be enabled
- SageMaker notebook instance encryption should be enabled
- VPC should be configured to use VPC endpoints