Overview: Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected...
Administrative Safeguards
Overview: Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part. Action Items: 1) Obtain and review the policies and procedures...
Overview: Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Action Items: 1) Obtain and review policies and procedures related to reviewing...
Overview: If a health care clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger...
Overview: Procedures for monitoring log-in attempts and reporting discrepancies. Action Items: 1) Obtain and review procedures (or other vehicle) for monitoring log-in and reporting discrepancies and related training material. Elements to review may...
Overview: Procedures for creating, changing, and safeguarding passwords. Action Items: 1) Obtain and review password management procedures and training (or other vehicle) for creating, changing, and safeguarding passwords. Elements to review may...
Overview: Procedures for guarding against, detecting, and reporting malicious software. Action Items: 1) Obtain and review documentation demonstrating that the procedures for guarding against, detecting, and reporting malicious software are...
Overview: Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes. Action Items...
Overview: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. Action...
Overview: Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with Sec 164.206(a). Action Items: 1) Obtain and review policies and procedures related to risk management. Evaluate and...