Difference between revisions of "Administrative Safeguards"

From Clinfowiki
Jump to: navigation, search
Line 1: Line 1:
'''Administrative safeguards''' refers to measures put in place to secure and protect the computer hardware and information from  external threats.
+
Administrative Safeguards
 +
These are going to be policies and procedures put in place or actions that an organization will take to ensure that the protection of electronic protected health (PHI) information. They are put in place to ensure the following:
 +
i. identify and analyze potential risk to PHI and that there are appropriate security measures to reduce the risk and vulnerabilities,
  
== Questions that need to be considered in building administrative safeguards ==
+
ii. that the policies and procedure should allow access to PHI only to appropriate associates who have a need to know based on the roles the play in an organization,
  
* Terminals can not be used or viewed by unauthorized users?
+
iii. designate an individual or security officer whose sole responsibility is to develop, implement, and enforce the said policies and procedures,
* Workstations in publicly-accessible areas log off if left idle?
+
 
* Evidence of physical security for all system hardware components?
+
iv. proper supervision of employees or associates authorized to handle e-PHI and that these individuals are appropriately trained, and established appropriate sanctions are in place to violators of these policies and procedure,
* Remote access to clinical applications is secured via 2-factor authentication?
+
 
* All patient-identifiable information that is transmitted outside the organization should be encrypted?
+
v. and finally, each organizations should have policies and procedures in place to perform periodic assessment on how well they it's establish policies and procedures meet the requirement for Administrative Safeguards.
* Record of the ratio of user-initiated system logouts to total system logouts?
+
 
* % of workstations with up-to-date virus protection software?
+
The administrative safeguards implemented, should be consistent with the Privacy Rule Standards related to use and disclosure of PHI.
* [[Removing Paper|“Recycling” bins for paper]]/print-outs containing patient-identifiable data should be made of metal and be locked?
+
* All system hardware kept in locked rooms and portable devices secured?
+
  
== References ==
 
<references/>
 
  
 
[[Category: Definition]]
 
[[Category: Definition]]

Revision as of 04:14, 21 November 2014

Administrative Safeguards These are going to be policies and procedures put in place or actions that an organization will take to ensure that the protection of electronic protected health (PHI) information. They are put in place to ensure the following: i. identify and analyze potential risk to PHI and that there are appropriate security measures to reduce the risk and vulnerabilities,

ii. that the policies and procedure should allow access to PHI only to appropriate associates who have a need to know based on the roles the play in an organization,

iii. designate an individual or security officer whose sole responsibility is to develop, implement, and enforce the said policies and procedures,

iv. proper supervision of employees or associates authorized to handle e-PHI and that these individuals are appropriately trained, and established appropriate sanctions are in place to violators of these policies and procedure,

v. and finally, each organizations should have policies and procedures in place to perform periodic assessment on how well they it's establish policies and procedures meet the requirement for Administrative Safeguards.

The administrative safeguards implemented, should be consistent with the Privacy Rule Standards related to use and disclosure of PHI.

Retrieved from "https://www.clinfowiki.org/wiki/index.php?title=Administrative_Safeguards&oldid=18482"