|
|
| Access Authorization Policy and Procedure |
Policy and procedure affirming staff only have access to ePHI needed to perform their jobs. |
| Audit Control Policy and Procedure |
Policy and procedure addressing event logging and regularly scheduled audits. |
| Business Associate Policy and Procedure |
Policy and procedure addressing business associate contract requirements. |
| Data Backup Policy and Procedure |
Policy and procedure addressing routine data backup. |
| Data Integrity Policy and Procedure |
Policy and procedure addressing technical data integrity controls. |
| Device and Media Accountability Policy and Procedure |
Policy and procedure addressing equipment and media movement. |
| Disposal and Media Re-use Policy and Procedure |
Policy and procedure describing standards for media re-use and disposal. |
| Facility Access Control Policy and Procedure |
Policy and procedure describing facilitiy access controls and emergency access procedures |
| Password Management Policy and Procedure |
Policy and procedure explaining password management practices. |
| Remote Workstation Use and Security Policy and Procedure |
Policy and procedure addressing workstation security in outside environments. |
| Risk Analysis Policy and Procedure |
Policy and procedure describing the risk analysis process. |
| Risk Management Policy and Procedure |
Policy and procedure describing risk management processes. |
| Sanctions Policy and Procedure |
Policy and procedure addressing sanctions for security violations. |
| Security Awareness and Training Policy and Procedure |
Policy and procedure addressing workforce training requirements. |
| Security Evaluation Policy and Procedure |
Policy and procedure describing the security evaluation process. |
| Security Incident Policy and Procedure |
Policy and procedure describing the process for reporting and tracking security incidents. |
| Session Termination Policy and Procedure |
Policy and procedure addressing automatic session termination controls. |
| System Activity Review Policy and Procedure |
Policy and procedure identifying frequency and types of data included in system activity reviews. |
| Technical Access Control Policy and Procedure |
Policy and procedure addressing management of user IDs and access privileges. |
| User Authentication Policy and Procedure |
Policy and procedure describing user authentication technical controls. |
| Workforce Security Policy and Procedure |
Policy and procedure addressing workforce access to ePHI. |
| Workstation Use and Security Policy and Procedure |
Policy and procedure addressing workstation security in office environments. |
| Policies and Procedures Planning Worksheet |
Worksheet used to identify appropriate security policies and procedures. |
|
|
| Access Termination Checklist |
Checklist of security-related activities to be considered when an employee is terminated. |
| Common Security Incidents Checklist |
List of common security incidents organizations may want to report on and track. |
| Compliance Documentation Checklist |
Checklist used to verify that all required security documentation has been prepared. |
| Disaster Recovery Resource Checklist |
Checklist used to evaluate resource requirements in an emergency. |
| Remote Workstation Security Checklist |
Checklist used to evaluate workstation use in remote locations. |
| Workstation Security Checklist |
Checklist used to evaluate the adequacy of workstation security measures. |
|
|
| Affiliated Covered Entity Memorandum |
Memo documenting the organization's designation as an affiliated entity. |
| Business Associate Contract Addendum |
Contract addendum template addressing security requirements. |
| Business Associate Contract Log |
Log tracking efforts to obtain security addenda from business associates |
| Business Associate Contract (Security) |
Business Associate Agreeement with security provisions inlcuded. |
| Clearinghouse Determination Memo |
Memo documenting review of clearinghouse requirements. |
| Contract Addendum Cover Letter |
Cover letter requesting that a business associate sign the security addendum. |
| Minimum Necessary Uses Grid |
Worksheet used to evaluate the need for access to ePHI by staff position and information source. |
|
|
| Password Guidelines |
Guidelines instructing staff on password management practices. |
| Password Management Presentation |
Training presentation reviewing common password management practices. |
| Point-of-Care Security Guidelines |
Checklist used as a security training tool for clinicians utilizing point-of-care computers. |
| Safe E-Mail Presentation |
Training presentation reviewing common e-mail screening practices. |
| Security Course Attendance Sheet |
Attendance sheet identifying all workforce members participating in a security training session. |
| Security Course Log |
Record of all security training sessions conducted by the organization. |
| Security Fundamentals Presentation |
Training presentation covering key aspects of the Security Rule and essential security concepts. |
| Security Training Attendance Record |
Record of security training sessions attended for each workforce member. |
| Virus Protection Presentation |
Training presentation on the importance of practicing safe computing in the office and home. |
| Workstation Environmental Guidelines |
Guidelines regarding workstation physical surroundings. |
|
|
| Critical Applications Worksheet |
Worksheet to help identify critical software applications to be protected in an emergency. |
| Critical Data Worksheet |
Worksheet to help identify critical data to be protected in an emergency. |
| Equipment and Media Log |
Log tracking the location and movement of equipment and media |
| Facility Security Maintenance Log |
Log recording information on security-related changes and repairs at facilities |
| Security Incident Log |
Form used by staff to compile summary data on security incidents |
| Security Incident Reporting and Tracking Form |
Log used to track the status of security incidents, from reporting through resolution. |
| Security Official Job Description |
Job description identifying essential security official duties and responsibilities. |
| System Activity Review Worksheet |
Worksheet used to identify data types and sources for system activity reviews. |
