Security Rule - Technical Safeguards
Background
Administrative Safeguards
Physical Safeguards
Technical Safeguards
User Responsibilities
Acceptable Uses of Electronic Resources
Specific Rules on NON-Acceptable Use of Electronic Resources
• User Sign-on - Access procedures that assign unique names or numbers for identifying and tracking user identity. Electronic sessions terminate automatically after a predetermined time. EPHI must be encrypted and decrypted when necessary and appropriate for electronic transmission.
• Data Integrity - Procedures that protect EPHI from improper alteration or destruction, which include a mechanism to authenticate EPHI and corroborate that it has not been altered or destroyed in an unauthorized manner.
• Authentication - Procedures or mechanisms to verify that a person or entity seeking access to EPHI is the one claimed.
• Data Transmissions - Technical safeguards to insure EPHI transmitted over an electronic communications network is not accessed by unauthorized persons or groups, and that such information is not improperly modified without detection until disposed of.
|
