My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
6.6. ERMUSR 05-16-2006
ElkRiver
>
City Government
>
Boards and Commissions
>
Utilities Commission
>
Packets
>
2003-2013
>
2006
>
05-16-2006
>
6.6. ERMUSR 05-16-2006
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/31/2009 3:44:30 PM
Creation date
3/31/2009 3:44:30 PM
Metadata
Fields
Template:
City Government
type
ERMUSR
date
5/16/2006
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
procedures described in this policy unless The Plan(s) Security Officer determines it is <br />necessary for plan administration purposes to store ePHI on portable workstations. <br />It has been determined that it is not reasonable to develop automatic logoff procedures or data <br />encryption mechanisms specifically for systems used to access ePHI. Automatic logoff and data <br />encryption will be used for systems used to access ePHI if exiting existing Plan Sponsor system <br />access policies and procedures include these capabilities and requirements. <br />When ePHI is accessed by using systems that contain audit control capabilities, The Plan(s) will <br />periodically review audit reports to assist in determining if a security violation has occurred. <br />Employees who have been granted access to ePHI according to The Plan(s) policies and <br />procedures will be subject to The Plan's sanction policy if they allow unauthorized access to <br />ePHI by circumventing access control (e.g. sharing their unique login LD. and password). <br />10. Device and Media Controls and Integrity of Data <br />[§164.310(d)(1), §164.310(d)(2)(i), §164.310(d)(2)(ii), §164.310(d)(2)(iii), §164.312(c)(1) <br />Any ePHI stored by The Plan(s) in electronic storage media will be subject to the following <br />procedures to ensure that the ePHI is not inappropriately used. <br />• All hardware, storage devices, and electronic media which contains or contained ePHI will be <br />erased, re-formatted or rendered unusable in a technically sufficient manner prior to disposal, or <br />re-use for other purposes, to assure no unauthorized access to ePHI is possible in the future. <br />• The Plan's SecuriryOfficial will be responsible to ensure that electronic media is controlled in <br />accordance with this policy and maintain any reasonable documentation necessary. <br />1t has been determined that it is not reasonable or necessary to implement technical procedures <br />for automatic data integrity checks for systems used to access ePHI alone. The Plan(s) will <br />use existing Plan Sponsor data integrity procedures and policies, if available and reasonable, to <br />determine if ePHI has been altered or destroyed in an unauthorized manner. <br />11. Transmission Security <br />[§164.312(e)(1), §164.312(e)(2)(i)] <br />The Plan(s) will implement the following measures to protect ePHI that is being transmitted <br />over electronic communications networks including the Internet. <br />It has been determined that it is not reasonable or necessary to implement transmission integrity <br />controk or email and electronic communication encryption procedures only for systems used to <br />access or transmit ePHI. The Plan(s) will use existing Plan Sponsor transmission integrity and <br />email and communication encryption procedures, if available and reasonable, to protect ePHI <br />transmitted over electronic networks. <br />If the Plan Sponsor does not have existing transmission integrity or encryption procedures <br />available, The Plan will implement the following procedures to protect ePHI transmitted over <br />electronic networks: <br />a. ePHI sent via email will be contained in a separate file sent as an attachment whenever <br />reasonable. Files containing ePHI will be protected bya password when possible. Passwords <br />necessary to access the file will be sent to the recipient via separate communication. <br />12. Group Health Plan Document Requirements <br />
The URL can be used to link to this page
Your browser does not support the video tag.