Facility Access Controls
Implement policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
Implementation Guidance
• Physical access controls for facilities housing ePHI systems
• Visitor access procedures and controls
• Employee access procedures and controls
• Maintenance and service personnel access procedures
• Emergency access procedures
• Monitoring and logging of physical access
Key components:
- Contingency operations procedures
- Facility security plan
- Access control and validation procedures
- Maintenance records
- Physical access monitoring and logging
Required Documentation
• Contingency operations procedures
• Facility security plan
• Access control and validation procedures
• Maintenance records and procedures
• Physical access monitoring and logging procedures
• Visitor access procedures
• Emergency access procedures
Best Practices
• Use access control systems and monitoring
• Regular review of access permissions
• Document all access control procedures
• Train workforce on physical security
• Regular testing of access controls
• Implement emergency access procedures
Common Violations
• Lack of visitor access procedures
• Insufficient monitoring of physical access
• Inadequate maintenance procedures
• Lack of emergency access procedures
• Insufficient documentation of access controls
Testing Procedures
• Test physical access controls
• Verify visitor access procedures
• Review maintenance procedures
• Test emergency access procedures
• Verify monitoring and logging capabilities
• Review documentation of access controls
Related Controls
Explore other controls in the Physical Safeguards category.
Media Controls
Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, a...
Workstation Use
Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the ...
Workstation Controls
Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users....