Periodic security updates. Addressable
Procedures for guarding against, detecting, and reporting malicious software. Addressable
Procedures for monitoring log-in attempts and reporting discrepancies. Addressable
Procedures for creating, changing, and safeguarding passwords. Addressable
Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes. Required
Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. Required
Establish (and implement as needed) procedures to restore any loss of data. Required
Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. Required
Implement procedures for periodic testing and revision of contingency plans. Addressable
Assess the relative criticality of specific applications and data in support of other contingency plan components. Addressable
Document the satisfactory assurances required by paragraph (b)(1) of this section through a written contract or other arrangement with the business associate that meets the applicable requirements of § 164.314(a). Required
Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. Addressable
Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. Addressable
Implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision. Addressable
Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks). Addressable
Implement policies and procedures to address the final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored. Required
Implement procedures for removal of electronic protected health information from electronic media before the media are made available for reuse. Required
Maintain a record of the movements of hardware and electronic media and any person responsible therefore. Addressable
Create a retrievable exact copy of electronic protected health information, when needed, before movement of equipment. Addressable
Assign a unique name and/or number for identifying and tracking user identity. Required
Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency. Required
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Addressable
Implement a mechanism to encrypt and decrypt electronic protected health information. Addressable
Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. Addressable
Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. Addressable
Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. Addressable
The contract between a covered entity and a business associate must provide that the business associate will-- (A) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect th Required
When a covered entity and its business associate are both governmental entities, the covered entity is in compliance with paragraph (a)(1) of this section, if-- (1) It enters into a memorandum of understanding with the business associ
The plan documents of the group health plan must be amended to incorporate provisions to require the plan sponsor to-- (i) Implement administrative, physical, and technical safeguards that reasonably and Required
The plan documents of the group health plan must be amended to incorporate provisions to require the plan sponsor to-- (ii) Ensure that the adequate separation required by § 164.504(f)(2)(iii) is supporte Required
The plan documents of the group health plan must be amended to incorporate provisions to require the plan sponsor to-- (iii) Ensure that any agent, including a subcontractor, to whom it provides this info Required
The plan documents of the group health plan must be amended to incorporate provisions to require the plan sponsor to-- (iv) Report to the group health plan any security incident of which it becomes aware. Required
Retain the documentation required by paragraph (b)(1) of this section for six years from the date of its creation or the date when it last was in effect, whichever is later. Required
Make documentation available to those persons responsible for implementing the procedures to which the documentation pertains. Required
Review documentation periodically, and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information. Required