Security Plan


3BC EHR CONSULTING

FUNNY BONE MEMORIAL HOSPITAL


SECURITY PLAN
To establish parameters of desired levels of security for Electronic PHI per area,
department, function, and role. These protocols must be in place to ensure compliance
with First Stage Meaningful Use for Electronic Health Records.

TECHNICAL SAFEGUARDS

RISK / CONCERN SECURITY MEASURE

1. Data Integrity
   - Protect PHI from improper alteration or destruction
   - Implement authentication measures for PHI

2. Access Control Mechanisms
   - Data and PHI accessible only to persons/programs with authorization
   - Proof of identity authenticated before access to PHI is granted

3. Identity Authentication
   - Authenticity measures to prove the identity of any person/entity seeking access to PHI
   - Authentication that they are who/what they say they are

4. Audit Controls
   - Built-in EHR feature records/examines all activity regarding access to PHI

5. Transmission Security
   - Protect against access to PHI during transmission over electronic communications network(s)

6. Unauthorized Disclosure
   - Computer screen locks/disappears after one (1) minute of inactivity.
   - Requires a unique password by authorized person to unlock

7. PHI Exchange All Persons/Entities
   - Ensure all PHI data is encrypted and transmitted over secure communication lines
   - HIV/AIDS PHI data requires special authorization for access/transfer

8. Password Vulnerability
   - Institute security codes/questions
   - Iris/fingerprint identity scanners

PHYSICAL SAFEGUARDS

RISK / CONCERN SECURITY MEASURE

1. Facility Access Control
   - Limit access to areas where PHI is housed
   - Ensure only authorized persons have access to these areas

2. PHI Exchange within Healthcare Facility, with Outside Providers, Reportable for Public Health Reasons/Safety, or Transferred to a Portable Device or Drive
   - Ensure all PHI data is encrypted and transferred over secure communication lines
   - Access to HIV/AIDS related PHI will require special authorization specifically designed for access to this type of PHI

3. Workstations
   - Specify workstations that allow access to electronic PHI
   - Specify appropriate use of the workstations
   - Specify physical environment of workstations that are able to access PHI

4. Workstation Use
   - Restrict access to workstations that contain PHI to only staff who have a need to know regarding patient care
   - Enhance security controls on those workstations containing PHI that pertains to HIV/AIDS

http://www.hrsa.gov
