Framework program
HIPAA Security and Privacy Rules evidence template.
This is a reusable framework module. It defines source authority, native identifier patterns, collector fit, expected evidence, manual evidence gates, and deployment posture before any client project is created.
next seed45 CFR Parts 160 and 164; Security Rule with 2025 proposed update trackedHIPAA
Template status
planned
HHS OCR / eCFR
Seed rows
13
Source-native requirement rows
Native examples
2
Stored without normalization loss
Collectors
3
document, configuration, manual-upload
Deployment fits
3
SaaS, private, appliance, runner
Native source contract
Keep the framework’s identifiers intact
45 CFR 164.312(a)(1)
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
45 CFR 164.308(a)(5)
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
Automated evidence
Collector lanes to build
ePHI system inventory
access control and audit log evidence
backup/encryption configuration snapshots
security incident workflow exports
training and sanctions tracking
Manual or human-gated evidence
Do not fabricate these artifacts
risk analysis
risk management plan
BAAs
privacy/security policies
breach notification procedures