CHPC Study Group

  • 1.  This Week's List

    Posted 03-20-2023 10:25 AM

    A double-dose this week...posting both lists that I normally alternate! 

    164.XXX

    302 - Applicability
    304 - Definitions
    306 - Security Rules - General
    308 - Administrative Safeguards
    310 - Physical Safeguards
    312 - Technical Safeguards
    314 - Organizational Requirements
    316 - Policies/Procedures/Documentation Requirements
    318 - Compliance Dates

    Always DSecurity in your AParTment using Other People's Cash

    Here is the "APT" (apartment) part, summarized...

    | Standards | Sections | Implementation Specifications (R = Required, A = Addressable) |
    |---|---|---|
    | Administrative Safeguards | | |
    | Security management process | 164.308(a)(1) | Risk Analysis (R) |
    | | | Risk Management (R) |
    | | | Sanction Policy (R) |
    | | | Information System Activity Review (R) |
    | Assigned Security Responsibility | 164.308(a)(2) | (R) |
    | Workforce Security | 164.308(a)(3) | Authorization and/or Supervision (A) |
    | | | Workforce Clearance Procedure (A) |
    | | | Termination Procedures (A) |
    | Information Access Management | 164.308(a)(4) | Isolating Healthcare Clearing House Function (R) |
    | | | Access Authorization (A) |
    | | | Access Establishment and Modification (A) |
    | Security Awareness and Training | 164.308(a)(5) | Security Reminders (A) |
    | | | Protection from Malicious Software (A) |
    | | | Log-In Monitoring (A) |
    | | | Password Management (A) |
    | Security Incident Procedures | 164.308(a)(6) | Response and Reporting (R) |
    | Contingency Plan | 164.308(a)(7) | Data Backup Plan (R) |
    | | | Disaster Recovery Plan (R) |
    | | | Emergency Mode Operation Plan (R) |
    | | | Testing and Revision Procedure (A) |
    | | | Application and Data Criticality Analysis (A) |
    | Evaluation | 164.308(a)(8) | (R) |
    | Business Associate Contracts and Other Arrangements | 164.308(b)(1) | Written Contract or Other Arrangement (R) |
    | Physical Safeguards | | |
    | Facility Access Controls | 164.310(a)(1) | Contingency Operations (A) |
    | | | Facility Security Plan (A) |
    | | | Access Control and Validation Procedures (A) |
    | | | Maintenance Records (A) |
    | Workstation Use | 164.310(b) | (R) |
    | Workstation Security | 164.310(c) | (R) |
    | Device and Media Controls | 164.310(d)(1) | Disposal (R) |
    | | | Media Re-Use (R) |
    | | | Accountability (A) |
    | | | Data Backup and Storage (A) |
    | Technical Safeguards | | |
    | Access Control | 164.312(a)(1) | Unique User Identification (R) |
    | | | Emergency Access Procedure (R) |
    | | | Automatic Logoff (A) |
    | | | Encryption and Decryption (A) |
    | Audit Controls | 164.312(b) | (R) |
    | Integrity | 164.312(c)(1) | Mechanism to Authenticate Electronic Protected Health Information (A) |
    | Person or Entity Authentication | 164.312(d) | (R) |
    | Transmission Security | 164.312(e)(1) | Integrity Controls (A) |
    | | | Encryption (A) |



    ------------------------------
    Scot "(Riptide)" Lovejoy
    Chief Pharmacy / Compliance Officer
    Agadia Systems, Inc.
    Parsippany, NJ
    ------------------------------