Section 7: Security

VIIA1 (Information Security Management Program (ISMP))
VIIB1 (PHI Access Registration/De-Registration)
VIIB2 (System Access Privileges)
VIIB3 (Password Policy)
VIIB4 (PHI Access Monitoring System)
VIIB5 (Clear Desk Policy)
VIIB6 (Strong, Multi-Factor; Wireless Authentication)
VIIB7 (Access to Ports Controlled)
VIIB8 (Information Systems Segregated on Networks)
VIIB9 (Network Traffic Control)
VIIB10 (Routing Controls)
VIIB11 (Multi-Factor Authentication and Unique IDs)
VIIB12 (Screen Lock/Time Out Policy)
VIIB13 (Periodic PHI Access Reviews)
VIIB14 (Dedicated Sensitive System Computing Environment)
VIIB15 (Mobile Device Management)
VIIB16 (Telework)
VIIC1 (Security Roles & Responsibilities)
VIIC2 (Security Training)
VIIC3 (Employee Training)
VIIC4 (Sanction Policy)
VIIC5 (Termination Process)
VIID1
VIID2
VIID3
VIIE1 (Information Security Policies)
VIIE2 (Periodic Policy Updates)
VIIF1 (Data Security Leadership)
VIIF2 (Periodic, Independent Information Security Reviews)
VIIF3 (External Party PHI Access)
VIIF4 (Agreements with Third Parties)
VIIF5 (Customer Access to PHI)
VIIG1 (Record Retention & Protection)
VIIG2 (Data Protection and Privacy Compliance)
VIIG3 (Deterring Unauthorized Access)
VIIG4 (Automated Compliance & Monitoring Systems)
VIIG5 (PHI Hardware/Software Inventory & Security)
VIIH1 (PHI Asset Management & Destruction)
VIIH2 (Information System Acceptable Behavior)
VIII1 (Entry Control)
VIII2 (Protection Against Physical Damage)
VIII3 (Facility & Equipment Maintenance)
VIII4 (Destruction of Equipment Containing PHI)
VIIJ1 (Network Security Audit Logs)
VIIJ2 (Use of Automated Security Information and Event Management-SIEM Systems)
VIIJ3 (Audits of System Administrator Activity)
VIIJ4 (Change Control & Configuration Management)
VIIJ5 (Change Control Separation of Duties)
VIIJ6 (Third Party Performance Assurance)
VIIJ7 (Monitoring of Third Party/BAA Performance)
VIIJ8 (Anti-Virus Policies)
VIIJ9 (Mobile Code Control)
VIIJ10 (Daily Back-Ups)
VIIJ11 (Ensuring Network Data Integrity)
VIIJ12 (Tracking System for Business Party Performance)
VIIJ13 (Destruction of PHI Media)
VIIJ14 (Disposal of PHI Media)
VIIJ15 (PHI Data Transport/Transfer Procedures)
VIIJ16 (Exchange of Medical Data Safety)
VIIJ17 (Protected Electronic Messaging)
VIIJ18 (eCommerce)
VIIJ19 (Online Transactions)
VIIK1 (New Information System Procurement Process)
VIIK2 (Software Development Life Cycle)
VIIK3 (Encryption)
VIIK4 (Safe Software Coding and Testing)
VIIK5 (Formal Change Control Procedures)
VIIK6 (Outsourced Software)
VIIK7 (Timely Awareness of Info System Technical Vulnerabilities)
VIIL1 (Incident Response)
VIIL2 (Timely Incident Response)
VIIL3 (Monitor & Quantify Information Security Incidents)
VIIM1 (Probability & Impact of Risks)
VIIM2 (Business Continuity Time frames)
VIIM3 (Business Continuity Framework)
