Differences

This shows you the differences between two versions of the page.

technical_safeguards [2016/06/15 18:53]
jillian_nadette_de_leon
technical_safeguards [2016/07/04 16:00]
jillian_nadette_de_leon
Line 10: Line 10:
 (C) Access establishment and modification (addressable). Based upon the access authorization policy of the data controller and/or data processor, policies and procedures on the establishment,​ documentation,​ review and modification of a user's rights to access a workstation,​ transaction,​ program or process shall be implemented.\\ (C) Access establishment and modification (addressable). Based upon the access authorization policy of the data controller and/or data processor, policies and procedures on the establishment,​ documentation,​ review and modification of a user's rights to access a workstation,​ transaction,​ program or process shall be implemented.\\
  
-II. Unique user identification (required). A process for unique user identification shall be made within a policy and procedure of the health facility.\\+II. User identification (required). A process for unique user identification shall be made within a policy and procedure of the health facility.\\
 1. Implement specifications:​ \\ 1. Implement specifications:​ \\
-(A) There shall be a unique ​user name and/or number for identifying user identity throughout all levels of the organization.\\+(A) There shall be a user name and/or number for identifying user identity throughout all levels of the organization.\\
 (B) User identity shall not be shared, delegated or assigned to a group or individual.\\ (B) User identity shall not be shared, delegated or assigned to a group or individual.\\
-(C) Unique user identity that was previously used shall not be reused for new and/or existing users.\\+(C) User identity that was previously used shall not be reused for new and/or existing users.\\
  
 III. Emergency Access Procedure (Required). Procedures for obtaining necessary electronic health information during an emergency.\\ III. Emergency Access Procedure (Required). Procedures for obtaining necessary electronic health information during an emergency.\\
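
Review bot: Dropping "unique" from item (A) leaves the policy without any explicit uniqueness requirement for the identifier itself, while the sentence under II still calls for "a process for unique user identification" and the audit section later relies on a "unique user identified" being recorded. (B) and (C) forbid sharing and reuse, but neither says that two users cannot be issued the same name or number at the same time. Suggest keeping "unique user name and/or number" in (A), or, if the heading change is purely editorial, aligning the body sentence of II with it so the section does not contradict itself. Minor: "Implement specifications" here reads "Implementation Specifications" elsewhere on the page.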
Line 37: Line 37:
 I. Recording of information (required). Recorded information must include, but is not limited to, unique user identified, date and time of use/access, location (if applicable).\\ I. Recording of information (required). Recorded information must include, but is not limited to, unique user identified, date and time of use/access, location (if applicable).\\
 II. Audit Data Life Span (addressable). A policy shall be made by health facilities to specify the length of time the data must be stored and how it will be destroyed.\\ II. Audit Data Life Span (addressable). A policy shall be made by health facilities to specify the length of time the data must be stored and how it will be destroyed.\\
-III. Access to Audit Data (addressable). The Medical Records Officer alongside with the Privacy Officer ​and/or Health Information Security Committee ​shall be authorized to audit data.+III. Access to Audit Data (addressable). The Medical Records Officer alongside with the Privacy Officer shall be authorized to audit the shared health record.
  
 **C. Integrity Controls**\\ **C. Integrity Controls**\\
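
Review bot: In item III the heading is still "Access to Audit Data", but the revised sentence now authorizes auditing "the shared health record", so the section no longer states who may access the audit data described in I and II. The same edit also removes the Health Information Security Committee from the authorized parties without naming a replacement reviewer. Suggest either restoring wording that covers access to the audit data, or retitling the item and adding a separate line for who may read the audit records. Minor: "alongside with" should be "alongside" or "together with".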
Line 49: Line 49:
 (F) Transmission encryption (required). Data transmission via wireless networks or the internet shall always be encrypted. \\ (F) Transmission encryption (required). Data transmission via wireless networks or the internet shall always be encrypted. \\
 (G) Proper Handling of Mechanical Components. Training on the proper use and handling of CPUs, Servers, flash drives, external hard drives shall be given to the user of electronic systems. (addressable)\\ (G) Proper Handling of Mechanical Components. Training on the proper use and handling of CPUs, Servers, flash drives, external hard drives shall be given to the user of electronic systems. (addressable)\\
-(H) Back-up components such as servers, ​flashdrives, external hard drives shall be stored away from possible electromagnetic interference. (addressable)\\+(H) Back-up components such as servers, ​flash drives, external hard drives shall be stored away from possible electromagnetic interference. (addressable)\\
 (I) Offline modes and Caching. Electronic systems shall have online and offline modes. (addressable)\\ (I) Offline modes and Caching. Electronic systems shall have online and offline modes. (addressable)\\
 (J) Interface Integration of Information Systems. Data transmission from electronic medical records shall follow a standard for integration and interfacing to facilitate interoperability and data compatibility. (addressable)\\ (J) Interface Integration of Information Systems. Data transmission from electronic medical records shall follow a standard for integration and interfacing to facilitate interoperability and data compatibility. (addressable)\\
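
Review bot: Item (H) is the only entry in this list without a short title before the requirement, unlike (G), (I) and (J), which makes it harder to cite; a label such as "Storage of Back-up Components." would match the others. The placement of the required/addressable tag is also inconsistent across the list: (F) puts it after the title while (G) through (J) put it at the end of the sentence. The spelling fix to "flash drives" itself is fine and now matches (G).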
Line 61: Line 61:
 **F. Storage Security**\\ **F. Storage Security**\\
 Implementation Specifications:​\\ Implementation Specifications:​\\
-(A) Data stored in portable data storage devices (e.g. USB drive, portable hard drives, etc.) must be encrypted. ​+(A) Data stored in portable data storage devices (e.g. Flash drive, portable hard drives, etc.) must be encrypted. ​
 (B) Data stored in cloud storage services (e.g. Dropbox, OneDrive, Google Drive, etc.) must be encrypted. (B) Data stored in cloud storage services (e.g. Dropbox, OneDrive, Google Drive, etc.) must be encrypted.
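
Review bot: Items (A) and (B) under Storage Security carry no (required) or (addressable) designation, unlike the items in the earlier sections, so it is unclear whether encryption of portable and cloud storage is mandatory; suggest adding the tag to both lines. In (A), "Flash drive" is capitalized mid-sentence while the earlier items use lowercase "flash drives"; suggest "flash drive" for consistency. Both lines also lack the trailing line-break markup that the other items have, so they are likely to run together when rendered.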