Since Frank just went over this during a weekend session, I decided to modify this week's Security Rule post to reflect the content of that discussion.
Always Do Security in your AParTment using Other Peoples Cash

| Standards | Sections | Implementation Specifications (R = Required, A = Addressable) |
|---|---|---|
| Administrative Safeguards | | |
| Security Management Process | 164.308(a)(1) | Risk Analysis (R) |
| | | Risk Management (R) |
| | | Sanction Policy (R) |
| | | Information System Activity Review (R) |
| Assigned Security Responsibility | 164.308(a)(2) | (R) |
| Workforce Security | 164.308(a)(3) | Authorization and/or Supervision (A) |
| | | Workforce Clearance Procedure (A) |
| | | Termination Procedures (A) |
| Information Access Management | 164.308(a)(4) | Isolating Healthcare Clearing House Function (R) |
| | | Access Authorization (A) |
| | | Access Establishment and Modification (A) |
| Security Awareness and Training | 164.308(a)(5) | Security Reminders (A) |
| | | Protection from Malicious Software (A) |
| | | Log-In Monitoring (A) |
| | | Password Management (A) |
| Security Incident Procedures | 164.308(a)(6) | Response and Reporting (R) |
| Contingency Plan | 164.308(a)(7) | Data Backup Plan (R) |
| | | Disaster Recovery Plan (R) |
| | | Emergency Mode Operation Plan (R) |
| | | Testing and Revision Procedure (A) |
| | | Application and Data Criticality Analysis (A) |
| Evaluation | 164.308(a)(8) | (R) |
| Business Associate Contracts and Other Arrangements | 164.308(b)(1) | Written Contract or Other Arrangement (R) |
| Physical Safeguards | | |
| Facility Access Controls | 164.310(a)(1) | Contingency Operations (A) |
| | | Facility Security Plan (A) |
| | | Access Control and Validation Procedures (A) |
| | | Maintenance Records (A) |
| Workstation Use | 164.310(b) | (R) |
| Workstation Security | 164.310(c) | (R) |
| Device and Media Controls | 164.310(d)(1) | Disposal (R) |
| | | Media Re-Use (R) |
| | | Accountability (A) |
| | | Data Backup and Storage (A) |
| Technical Safeguards | | |
| Access Control | 164.312(a)(1) | Unique User Identification (R) |
| | | Emergency Access Procedure (R) |
| | | Automatic Logoff (A) |
| | | Encryption and Decryption (A) |
| Audit Controls | 164.312(b) | (R) |
| Integrity | 164.312(c)(1) | Mechanism to Authenticate Electronic Protected Health Information (A) |
| Person or Entity Authentication | 164.312(d) | (R) |
| Transmission Security | 164.312(e)(1) | Integrity Controls (A) |
| | | Encryption (A) |

------------------------------
Scot "(Riptide)" Lovejoy
Chief Pharmacy / Compliance Officer
Agadia Systems, Inc.
Parsippany, NJ
------------------------------