ADMINISTRATIVE SAFEGUARDS


Administrative safeguards make up 50% of the Security Rule's standards. In general, they require documented policies and procedures for day-to-day operations; for managing the conduct of employees with respect to PHI; and for managing the selection, development, and use of security controls. The specific standards of the administrative safeguards are:

  • Security management process: Implementing policies and procedures to prevent, detect, contain, and correct security violations.

  • Assigned security responsibility: A single individual must be designated as having overall responsibility for the security of a CE's EPHI.

  • Workforce security: Implementing policies and procedures to ensure that employees have only appropriate access to EPHI.

  • Information access management: Implementing policies and procedures for authorizing access to EPHI.

  • Security awareness and training: Implementing a security awareness and training program for a CE's entire workforce.

  • Security incident procedures: Implementing policies and procedures to handle security incidents.

  • Contingency plan: Implementing policies and procedures for responding to an emergency or other occurrence that damages systems containing EPHI.

  • Evaluation: Performing periodic technical and non-technical evaluations that determine the extent to which a CE's security policies and procedures meet the ongoing requirements of the Security Rule.

  • Business associate contracts and other arrangements: A CE may permit a business associate to create, receive, maintain, or transmit EPHI on the CE's behalf only if the CE has satisfactory assurance that the business associate will appropriately safeguard the data.




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
