My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
6.6. ERMUSR 05-16-2006
ElkRiver
>
City Government
>
Boards and Commissions
>
Utilities Commission
>
Packets
>
2003-2013
>
2006
>
05-16-2006
>
6.6. ERMUSR 05-16-2006
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/31/2009 3:44:30 PM
Creation date
3/31/2009 3:44:30 PM
Metadata
Fields
Template:
City Government
type
ERMUSR
date
5/16/2006
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
a. Periodically evaluate this Policy and the procedures implemented to protect ePHI. <br />The Security Official will maintain reasonable and appropriate policies and <br />procedures to comply with the HIPAA Security Standards and make appropriate <br />changes when necessary. § 164.308(a)(8), § 164.316(a) <br />b. Regularly review the activity of any information systems involved in the <br />maintenance or transmission of PHI to determine if ePHI has been used or <br />disclosed in an inappropriate manner as required by § 164.308(a)(1)(ii)(D). <br />c. Report to appropriate Plan Administrator and/or corporate office of Plan Sponsor <br />any suspected or known security incidents as defined by § 164.308(a)(6)(ii). <br />4. Workforce Security <br />[§164.308(a)(3) and §164.308(a)(4), §164.312(d)] <br />Employee authorization to access systems that maintain or transmit ePHI, including <br />determination of appropriate employee clearance level, person authentication, and effective <br />and timely termination of system access for employees who no longer qualify for system <br />access will be the responsibility of The Plan(s) Security Official. The Security Official may <br />delegate these duties to appropriate parties based on exiting plan sponsor information system <br />access policies and procedures. <br />The Plan(s) and Plan Sponsor do not perform clearinghouse functions as defined by HIPAA <br />so no procedures are necessary to meet security standards defined in § 164.308(a)(3)(ii)(B). <br />5. Security Awareness and Training <br />The Plan(s) will require any employee of The Plan(s) or Plan Sponsor who is involved in the <br />administration or management of The Plan(s) to certify in writing that they have received <br />training and have read and understood The Plan's Security Policy. <br />Employees will also be provided additional existing Plan Sponsor security training when <br />available and appropriate. This training may include (but not be limited to) security <br />reminders, protection from malicious software, and log-in monitoring if The Plan Sponsor has <br />existing procedure to identify inappropriate system access attempts. <br />Employees will be trained on procedures for creating and maintaining appropriate and <br />effective passwords consistent with existing Plan Sponsor information system password <br />policies and procedures. <br />At least once per year, The Plan's Security Officer will review the Security Policy with <br />individuals involved in the administration and management of The Plan(s). <br />6. Contingency Plan <br />Data Backup Plan and Application and Data Analysis [§164.308(a)(7)(ii)(A), <br />§164.308(a)(1)(ii)(E), §164.310(d)(2)(iv)] <br />
The URL can be used to link to this page
Your browser does not support the video tag.