Security Rule - Physical Safeguards
• Access - Procedures that grant access to EPHI by establishing, documenting, reviewing and modifying a user’s right of access to a workstation, software application/transaction or process.
• Awareness Training - Establish ongoing security awareness through training or other means that provide the workforce (including management) with updates to procedures and policies for guarding against, detecting and reporting malicious software.
• Incident Response - Procedures for responding to, documenting and mitigating, where practicable, suspected or known security incidents and their outcomes.
• Physical Access - Procedures to limit physical access to EPHI and the facility or facilities in which it is housed while ensuring that properly authorized access is allowed.
• Physical Identification Validation - Access must be physically safeguarded to prevent tampering and theft. Procedures must address control and validation of a person’s access to facilities based on their role or function, including visitors, employees, faculty, students and vendors.
• Media Movement - Procedures that govern the receipt and removal of hardware and electronic media that contain EPHI into and out of a facility, and the movement of these items within the facility.
• Media Final Disposition - Procedures to address the final disposition of EPHI, and/or the hardware or electronic media on which it is stored. Procedures include a process for removing EPHI from electronic media before the media is made available for other use.