CHPC Study Group

  • 1.  This Week's List

    Posted 02-06-2023 11:04 AM
    Since Frank just went over this during a weekend session, I decided to modify this weeks Security Rule post to reflect the content of that discussion.

    Always Do Security in your AParTment using Other Peoples Cash

    Standards Sections Implementation Specifications R = Required, A = Addressable
    Administrative Safeguards    
    Security Management Process 164.308(a)(1) Risk Analysis (R)
        Risk Management (R)
        Sanction Policy (R)
        Information System Activity Review (R)
    Assigned Security Responsibility 164.308(a)(2) (R)
    Workforce Security 164.308(a)(3) Authorization and/or Supervision (A)
        Workforce Clearence Procedure (A)
        Termination Procedures (A)
    Information Access Management 164.308(a)(4) Isolating Healthcare Clearing House Function (R)
        Access Authorization (A)
        Access Establishment and Modification (A)
    Security Awareness and Training 164.308(a)(5) Security Reminders (A)
        Protection from Malicious Software (A)
        Log-In Monitoring (A)
        Password Management (A)
    Security Incident Procedures 164.308(a)(6) Response and Reporting (R)
    Contingency Plan 164.308(a)(7) Data Backup Plan (R)
        Disaster Recovery Plan (R)
        Emergency Mode Operation Plan (R)
        Testing and Revision Procedure (A)
        Application and Data Criticality Analysis (A)
    Evaluation 164.308(a)(8) (R)
    Business Associate Contracts and Other Arrangements 164.308(b)(1) Written Contract or Other Arrangement (R)
    Physical Safeguards    
    Facility Access Controls 164.310(a)(1) Contingency Operations (A)
        Facility Security Plan (A)
        Access Control and Validation Procedures (A)
        Maintenance Records (A)
    Workstation Use  164.310(b) (R)
    Workstation Security 164.310(c) (R)
    Device and Media Controls  164.310(d)(1) Disposal (R)
        Media Re-Use (R)
        Accountability (A)
        Data Backup and Storage (A)
    Technical Safeguards    
    Access Control 164.312(a)(1) Unique User Identification (R)
        Emergency Access Procedure (R)
        Automatic Logoff (A)
        Encryption and Decryption (A)
    Audit Controls  164.312(b) (R)
    Integrity 164.312(c)(1) Mechanism to Authenticate Electronic Protected Health Information (A)
    Person or Entity Authentication 164.312(d) (R)
    Transmission Security 164.312(e)(1) Integrity Controls (A)
        Encryption (A)

    Scot "(Riptide)" Lovejoy
    Chief Pharmacy / Compliance Officer
    Agadia Systems, Inc.
    Certification Disclaimer