2.10 REQUIREMENTS


In addition to the three safeguards, there are two requirements. One addresses business associate contracts and arrangements. The other addresses policy and procedure documentation requirements.

2.10.1 Business Associate Contracts or Other Arrangements (Required)

A covered entity's responsibility does not end because it has a contract with a business associate to handle ePHI. Covered entities need to ensure their business associates implement controls to maintain the confidentiality, integrity, and availability of ePHI. Contracts with business associates must include provisions to secure ePHI and authorize termination with the associate if possible. In some instances it will not be possible for covered entities to terminate contracts or other arrangements, such as Memorandums of Understanding between government agencies. Covered entities are required to notify the Secretary of Health and Human Services if their business associate does not maintain the requirements of the Security Rule.

2.10.2 Policies and Procedures Documentation Requirements (Required)

All policies and procedures implemented to safeguard ePHI must be documented. Any changes to policies and procedures must be documented. All documentation must be kept on file for six years and open for review upon request.




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
