Security Rule - Administrative Safeguards
Background
Administrative Safeguards
Physical Safeguards
Technical Safeguards
User Responsibilities
Acceptable Uses of Electronic Resources
Specific Rules on NON-Acceptable Use of Electronic Resources
In order to insure the security of EHPI the Health System has put into place several Administrative Policies:
• Sanctions - Appropriate sanctions against workforce members who fail to comply with the security procedures of the organization.
• System Monitoring - Procedures to regularly review records of information systems activity, such as audit logs, access reports, and security incident tracking reports.
• Workforce Supervision - Procedures for the authorization and/or supervision of workforce members who work with EPHI or in locations where it might be accessed.
• Appropriate Access - Procedures to determine that the access of a workforce member to EPHI is appropriate to support their role in business or clinical operations.
• Access Termination - Departmental procedures for terminating access to EPHI when employment ends or need for access no longer exists.
• Business Associate Obligations - Ensure safeguards are contractually mandated with any Business Associate or transaction clearinghouse that may have access to Health System EPHI.
|
