Difference between revisions of "Administrative Safeguards"
From Clinfowiki
(→Second Definition) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | == First Definition == | |
| − | + | These are going to be policies and procedures put in place or actions that an organization will take to ensure that the protection of electronic protected health (PHI) information. They are put in place to ensure the following: | |
| − | * | + | * Identify and analyze potential risk to PHI and that there are appropriate security measures to reduce the risk and vulnerabilities, |
| − | * | + | |
| − | * | + | * That the policies and procedure should allow access to PHI only to appropriate associates who have a need to know based on the roles the play in an organization, |
| − | * | + | |
| − | * | + | * Designate an individual or security officer whose sole responsibility is to develop, implement, and enforce the said policies and procedures, |
| − | + | ||
| − | + | * Proper supervision of employees or associates authorized to handle e-PHI and that these individuals are appropriately trained, and established appropriate sanctions are in place to violators of these policies and procedure, | |
| − | * | + | |
| − | * | + | * Finally, each organizations should have policies and procedures in place to perform periodic assessment on how well they it's establish policies and procedures meet the requirement for Administrative Safeguards. |
| + | |||
| + | The administrative safeguards implemented, should be consistent with the Privacy Rule Standards related to use and disclosure of PHI. | ||
| + | |||
| + | == Second Definition == | ||
| + | |||
| + | Administrative safeguards are the security measures established by an organization through their policies and procedures or actions, for the purpose of protecting electronic protected health information (e-PHI). <ref name="Security Standards"> US Department of Health and Human Services. (2007). Security standards: administrative safeguards (rev.). HIPAA Security Series, 2(2). http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf </ref> | ||
| + | |||
| + | Organizations are required to adhere to the Administrative Safeguard standards in order to meet the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requirements. | ||
| + | |||
| + | === Administrative Safeguards Standards <ref name="Security Standards"> US Department of Health and Human Services. (2007). Security standards: administrative safeguards (rev.). HIPAA Security Series, 2(2). http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf </ref> === | ||
| + | |||
| + | * Security Management Process | ||
| + | **Risk Analysis (Required) | ||
| + | **Risk Management (Required) | ||
| + | **Sanction (Required) | ||
| + | **Information System Activity Review (Required) | ||
| + | * Assigned Security Responsibility | ||
| + | * Workforce Security | ||
| + | **Authorization and/or Supervision (Addressable) | ||
| + | **Workforce Clearance Procedure (Addressable) | ||
| + | **Termination Procedures (Addressable) | ||
| + | * Information Access Management | ||
| + | **Isolating Health Care Clearinghouse Functions (Required) | ||
| + | **Access Authorization (Addressable) | ||
| + | **Access Establishment and Modification (Addressable) | ||
| + | * Security Awareness and Training | ||
| + | **Security Reminders (Addressable) | ||
| + | **Protection from Malicious Software (Addressable) | ||
| + | **Log-In Monitoring (Addressable) | ||
| + | **Password Management (Addressable) | ||
| + | *Security Incident Procedures | ||
| + | **Response and Reporting (Required) | ||
| + | *Contingency Plan | ||
| + | **Data Backup Plan (Required) | ||
| + | **Disaster Recovery Plan (Required) | ||
| + | **Emergency Mode Operation Plan (Required) | ||
| + | **Testing and Revision Procedures (Addressable) | ||
| + | **Applications and Data Criticality Analysis (Addressable) | ||
| + | * Evaluation | ||
== References == | == References == | ||
Latest revision as of 02:05, 19 November 2015
Contents
First Definition
These are going to be policies and procedures put in place or actions that an organization will take to ensure that the protection of electronic protected health (PHI) information. They are put in place to ensure the following:
- Identify and analyze potential risk to PHI and that there are appropriate security measures to reduce the risk and vulnerabilities,
- That the policies and procedure should allow access to PHI only to appropriate associates who have a need to know based on the roles the play in an organization,
- Designate an individual or security officer whose sole responsibility is to develop, implement, and enforce the said policies and procedures,
- Proper supervision of employees or associates authorized to handle e-PHI and that these individuals are appropriately trained, and established appropriate sanctions are in place to violators of these policies and procedure,
- Finally, each organizations should have policies and procedures in place to perform periodic assessment on how well they it's establish policies and procedures meet the requirement for Administrative Safeguards.
The administrative safeguards implemented, should be consistent with the Privacy Rule Standards related to use and disclosure of PHI.
Second Definition
Administrative safeguards are the security measures established by an organization through their policies and procedures or actions, for the purpose of protecting electronic protected health information (e-PHI). [1]
Organizations are required to adhere to the Administrative Safeguard standards in order to meet the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requirements.
Administrative Safeguards Standards [1]
- Security Management Process
- Risk Analysis (Required)
- Risk Management (Required)
- Sanction (Required)
- Information System Activity Review (Required)
- Assigned Security Responsibility
- Workforce Security
- Authorization and/or Supervision (Addressable)
- Workforce Clearance Procedure (Addressable)
- Termination Procedures (Addressable)
- Information Access Management
- Isolating Health Care Clearinghouse Functions (Required)
- Access Authorization (Addressable)
- Access Establishment and Modification (Addressable)
- Security Awareness and Training
- Security Reminders (Addressable)
- Protection from Malicious Software (Addressable)
- Log-In Monitoring (Addressable)
- Password Management (Addressable)
- Security Incident Procedures
- Response and Reporting (Required)
- Contingency Plan
- Data Backup Plan (Required)
- Disaster Recovery Plan (Required)
- Emergency Mode Operation Plan (Required)
- Testing and Revision Procedures (Addressable)
- Applications and Data Criticality Analysis (Addressable)
- Evaluation
References
- ↑ 1.0 1.1 US Department of Health and Human Services. (2007). Security standards: administrative safeguards (rev.). HIPAA Security Series, 2(2). http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
