SIDEBAR
Security Rule Specifications
Standards followed by implementation specifications
c = Required standards or specifications
g = Addressable specifications

Administrative Safeguards

Security Management Process
  c Risk Analysis
  c Risk Management
  c Sanction Policy
  c Information System Activity Review
c Assigned Security Responsibilities
Workforce Security
  g Authorization and/or Supervision
  g Workforce Clearance Procedure
  Termination Procedures
Information Access Management
  c Isolating Health Care Clearinghouse Function
  g Access Authorization
  g Access Establishment and Modification
Security Awareness and Training
  g Security Reminders
  g Protection from Malicious Software
  g Log-in Monitoring
  g Password Management
Security Incident Procedures
  c Response and Reporting
Contingency Plan
  c Data Backup Plan
  c Disaster Recovery Plan
  c Emergency Mode Operation Plan
  g Testing and Revision Procedure
  g Applications and Data Criticality Analysis
c Evaluation
Business Associate Contracts and Other Arrangement
  c Written Contract or Other Arrangement

Physical Safeguards

Facility Access Controls
  g Contingency Operations
  g Facility Security Plan
  g Access Control and Validation Procedures
  g Maintenance Records
c Workstation Use
c Workstation Security
Device and Media Controls
  c Disposal
  c Media Re-use
  g Accountability
  g Data Backup and Storage

Technical Safeguards

Access Control
  c Unique User Identification
  c Emergency Access Procedure
  g Automatic Logoff
  g Encryption and Decryption
c Audit Controls
Integrity
  g Mechanism to Authenticate Electronic Protected Health Information
c Person or Entity Authentication
Transmission Security
  g Integrity Controls
  g Encryption

PREPARED BY BRUCE D. ARMON FROM 68 FR 8380