HIPAA §164.310(b) - Workstation Use | TITAN AI Audit Evidence

1. CONTROL IDENTIFICATION

Framework	HIPAA Security Rule
Control ID	`§164.310(b)`
Control Family	Physical Safeguards > Workstation Controls
Control Name	Workstation Use
Status	IMPLEMENTED
Assessment Date	2026-04-19T02:25:35.202960+00:00
Assessor	TITAN AI Scanner v2.0 (CONDUCTOR + BASTION + SCOUT + COMPLY + SAGE)
Environment Scope	Azure: Pay-As-You-Go (prod) (`4f29d094-1079-44c9-acb0-4d73a7a2dd34`)
Report ID	`6b244cfa5d37a190ca4970bfe28fcd708812a39ae2d11f39b51d3c65f5139385`

2. REGULATORY TEXT

Standard: Workstation use. Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic protected health information.

Source: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C/section-164.310

3. IMPLEMENTATION SPECIFICATIONS

Each implementation specification addressed separately per HIPAA §164.306(d) / NIST 800-53A assessment methodology.

164.310(b) REQUIRED Workstation Use Policy IMPLEMENTED

Document acceptable workstation use and environmental controls.

Evidence: #A1

4. EVIDENCE ARTIFACTS

Summarized with counts + exceptions + drill-down. Raw data available on request per retention policy.

#A1 Workstation Use Policy Attestation 2026-04-19T02:25:35.202960+00:00

All 142 endpoints enrolled in Intune with workstation use policy acknowledgement logged.

Records: 142 Exceptions surfaced: 0 Sampling: full

5. TESTING PROCEDURES & RESULTS

Test of Design (does the control exist?) + Test of Operating Effectiveness (does it work consistently?). Sampling per AICPA AU-C 530.

Test of Design - Workstation use policy exists DESIGN PASS

Sample size: n/a

Policy v1.3 in effect.

6. FINDINGS / EXCEPTIONS

Active findings: 0 · Accepted risks (exceptions): 0 · Total: 0

Click any finding to view detail, remediation, and record an exception (risk acceptance). Exceptions are retained in the report as part of the audit trail.

No findings for this control.

7. MANAGEMENT RESPONSE

SOC 2 Type 2 and HITRUST assessors require management's written response to findings.

Management has reviewed 0 findings. No open findings for this control period. Next review cycle: quarterly.

8. AUDIT TRAIL

Scanner	TITAN AI Scanner v2.0 (CONDUCTOR + BASTION + SCOUT + COMPLY + SAGE)
Scanner version	v2.0.1
Collection timestamp	2026-04-19T02:25:35.202960+00:00
Retention	2555 days (HIPAA 164.316(b)(2))
Report hash (SHA-256)	`6b244cfa5d37a190ca4970bfe28fcd708812a39ae2d11f39b51d3c65f5139385`

9. CROSS-FRAMEWORK MAPPING

This same evidence is admissible for the following related controls. Scan once, satisfy multiple frameworks.

NIST 800-53: PE-5, AC-11, AC-19 — same evidence satisfies
ISO 27001: A.11.2.8, A.11.2.9 — same evidence satisfies
HITRUST CSF: 08.j, 08.k — same evidence satisfies