SINDECUSE HEALTH CENTER SECURITY POLICIES
1. SECURITY MANAGEMENT PROCESS
2. RISK ANALYSIS
3. RISK MANAGEMENT
4. SANCTION POLICY
5. INFORMATION SYSTEM ACTIVITY REVIEW
6. ASSIGNED SECURITY RESPONSIBILITY
7. WORKFORCE SECURITY
8. AUTHORIZATION AND/OR SUPERVISION
9. WORKFORCE CLEARANCE PROCEDURE
10. TERMINATION PROCEDURES
11. INFORMATION ACCESS MANAGEMENT
12. ACCESS AUTHORIZATION
13. ACCESS ESTABLISHMENT AND MODIFICATION
14. SECURITY AWARENESS AND TRAINING
15. SECURITY REMINDERS
16. PROTECTION FROM MALICIOUS SOFTWARE
17. LOG-IN MONITORING
18. PASSWORD MANAGEMENT
19. SECURITY INCIDENT PROCEDURES
20. RESPONSE AND REPORTING
21. CONTINGENCY PLAN
22. DATA BACKUP PLAN
23. DISASTER RECOVERY PLAN
24. EMERGENCY MODE OPERATION PLAN
25. TESTING AND REVISION PROCEDURES
26. APPLICATIONS AND DATA CRITICALITY ANALYSIS
27. EVALUATION
28. BUSINESS ASSOCIATE CONTRACTS AND OTHER ARRANGEMENTS
29. FACILITY ACCESS CONTROLS
30. CONTINGENCY OPERATIONS
31. FACILITY SECURITY PLAN
32. ACCESS CONTROL AND VALIDATION PROCEDURES
33. MAINTENANCE RECORDS
34. WORKSTATION USE
35. WORKSTAION SECURITY
36. DEVICE AND MEDIA CONTROLS
37. DISPOSAL
38. MEDIA RE-USE
39. ACCOUNTABILITY
40. DATA BACKUP AND STORAGE
41. ACCESS CONTROL
42. UNIQUE USER IDENTIFICATION
43. EMERGENCY ACCESS PROCEDURE
44. AUTOMATIC LOG-OFF
45. ENCRYPTION AND DECRYPTION
46. AUDIT CONTROLS
47. INTEGRITY
48. MECHANISM TO AUTHENTICATE EPHI
49. PERSON OR ENTITY AUTHENTICATION
50. TRANSMISSION SECURITY
51 INTEGRITY CONTROLS
52. ENCRYPTION
53. POLICIES AND PROCEDURES FOR SECURITY
54. DOCUMENTATION
|
