| Framework | HIPAA Security Rule |
|---|---|
| Control ID | §164.312(a)(2)(iv) |
| Control Family | Technical Safeguards > Access Control > Encryption |
| Control Name | Encryption and Decryption |
| Status | IMPLEMENTED |
| Assessment Date | 2026-04-19T02:25:35.202960+00:00 |
| Assessor | TITAN AI Scanner v2.0 (CONDUCTOR + BASTION + SCOUT + COMPLY + SAGE) |
| Environment Scope | Azure: Pay-As-You-Go (prod) (4f29d094-1079-44c9-acb0-4d73a7a2dd34) |
| Report ID | 0a8fab4ce8c9ff789518a17ef684a9d1fc5ccbf753a79e3aba70b8938eec8581 |
Implementation Specification: Encryption and Decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.
Source: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C/section-164.312
Each implementation specification addressed separately per HIPAA §164.306(d) / NIST 800-53A assessment methodology.
Summarized with counts + exceptions + drill-down. Raw data available on request per retention policy.
Test of Design (does the control exist?) + Test of Operating Effectiveness (does it work consistently?). Sampling per AICPA AU-C 530.
n/a
Crypto standard v1.5 current.
10 stores
100% coverage.
Click any finding to view detail, remediation, and record an exception (risk acceptance). Exceptions are retained in the report as part of the audit trail.
sa-finance-prod-eastus
Microsoft-managed key instead of CMK.
▾
SOC 2 Type 2 and HITRUST assessors require management's written response to findings.
| Scanner | TITAN AI Scanner v2.0 (CONDUCTOR + BASTION + SCOUT + COMPLY + SAGE) |
|---|---|
| Scanner version | v2.0.1 |
| Collection timestamp | 2026-04-19T02:25:35.202960+00:00 |
| Retention | 2555 days (HIPAA 164.316(b)(2)) |
| Report hash (SHA-256) | 0a8fab4ce8c9ff789518a17ef684a9d1fc5ccbf753a79e3aba70b8938eec8581 |
This same evidence is admissible for the following related controls. Scan once, satisfy multiple frameworks.
SC-13, SC-28, SC-8 — same evidence satisfiesCC6.7, CC6.8 — same evidence satisfies3.5, 3.6, 3.7, 4.1 — same evidence satisfiesA.10.1, A.14.1.3 — same evidence satisfies01.v, 06.d, 10.f — same evidence satisfies