Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
technical_safeguards [2016/06/15 17:50] jillian_nadette_de_leon |
technical_safeguards [2016/06/15 18:53] jillian_nadette_de_leon |
||
---|---|---|---|
Line 1: | Line 1: | ||
##TECHNICAL SAFEGUARDS | ##TECHNICAL SAFEGUARDS | ||
- | |||
- | * Disclaimer: For information purposes only. Standard terms, definition, sentence construction will still be edited. \\ | ||
**A. Access Controls**\\ | **A. Access Controls**\\ | ||
Line 42: | Line 40: | ||
**C. Integrity Controls**\\ | **C. Integrity Controls**\\ | ||
- | Implement policies and procedures to protect electronic health information from improper alteration or destruction. \\ | + | Protection of electronic health information from improper alteration or destruction. \\ |
I. Implementation specifications:\\ | I. Implementation specifications:\\ | ||
- | (A) Mechanism to authenticate electronic protected health information (addressable). Implement electronic mechanisms to corroborate that electronic health information has not been altered or destroyed in an unauthorized manner.\\ | + | (A) Mechanism to authenticate electronic protected health information (addressable). Mechanisms to corroborate that electronic health information has not been altered or destroyed in an unauthorized manner shall be implemented.\\ |
(B) Digital signatures (required). Digital signatures shall be used to identify authenticity of the entry in an electronic system.\\ | (B) Digital signatures (required). Digital signatures shall be used to identify authenticity of the entry in an electronic system.\\ | ||
(C) Sum Verification (required) shall be used to determine if the input data matches the source data.\\ | (C) Sum Verification (required) shall be used to determine if the input data matches the source data.\\ | ||
Line 50: | Line 48: | ||
(E) Data storage encryption (required). Data storage and transmission shall be encrypted. For websites, https encryption shall be used. \\ | (E) Data storage encryption (required). Data storage and transmission shall be encrypted. For websites, https encryption shall be used. \\ | ||
(F) Transmission encryption (required). Data transmission via wireless networks or the internet shall always be encrypted. \\ | (F) Transmission encryption (required). Data transmission via wireless networks or the internet shall always be encrypted. \\ | ||
- | (G) Proper Handling of Mechanical Components. Training on the proper use and handling of CPUs, Servers, flash drives, external hard drives shall be given to user of electronic systems. (addressable)\\ | + | (G) Proper Handling of Mechanical Components. Training on the proper use and handling of CPUs, Servers, flash drives, external hard drives shall be given to the user of electronic systems. (addressable)\\ |
(H) Back-up components such as servers, flashdrives, external hard drives shall be stored away from possible electromagnetic interference. (addressable)\\ | (H) Back-up components such as servers, flashdrives, external hard drives shall be stored away from possible electromagnetic interference. (addressable)\\ | ||
- | (I) Offline modes and Caching. Electronic systems shall ave online and offline modes. (addressable)\\ | + | (I) Offline modes and Caching. Electronic systems shall have online and offline modes. (addressable)\\ |
(J) Interface Integration of Information Systems. Data transmission from electronic medical records shall follow a standard for integration and interfacing to facilitate interoperability and data compatibility. (addressable)\\ | (J) Interface Integration of Information Systems. Data transmission from electronic medical records shall follow a standard for integration and interfacing to facilitate interoperability and data compatibility. (addressable)\\ | ||
**D. Transmission Security**\\ | **D. Transmission Security**\\ | ||
- | Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.\\ | + | Technical security measures to guard against unauthorized access to electronic health information that is being transmitted over an electronic communications network shall be implemented.\\ |
**E. Identity Authentication**\\ | **E. Identity Authentication**\\ | ||
- | Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. \\ | + | Procedures to verify that a person or entity seeking access to electronic health information is the one claimed shall be implemented. Rule III (Access of Health Information) provides guidelines on authentication of access. \\ |
**F. Storage Security**\\ | **F. Storage Security**\\ | ||
Line 65: | Line 63: | ||
(A) Data stored in portable data storage devices (e.g. USB drive, portable hard drives, etc.) must be encrypted. | (A) Data stored in portable data storage devices (e.g. USB drive, portable hard drives, etc.) must be encrypted. | ||
(B) Data stored in cloud storage services (e.g. Dropbox, OneDrive, Google Drive, etc.) must be encrypted. | (B) Data stored in cloud storage services (e.g. Dropbox, OneDrive, Google Drive, etc.) must be encrypted. | ||
- | |||
- | |||
- | |||
- | |||
- | |||
---- | ---- |