GUIDANCE FOR BUSINESS ASSOCIATES

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "GUIDANCE FOR BUSINESS ASSOCIATES"

Transcription

1 GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates. In general, as a business assciate, it is expected that apprpriate steps are taken in rder t prtect UPMC data frm the risk f unauthrized disclsure. OVERVIEW As a business assciate t UPMC, UPMC expects yu t cmply with UPMC s business assciate terms and cnditins fund at: (the BAA Terms ). BREACH NOTIFICATION Yu shall reprt t UPMC any breach f UPMC s patient infrmatin immediately upn becming aware f such breach. The reprt shall include the name f each individual whse prtected health infrmatin was r is reasnably believed by yur rganizatin t have been inapprpriately accessed, acquired r disclsed, as well as wh UPMC shuld cntact frm yur rganizatin. Yu shall als prvide such assistance and further infrmatin as requested by UPMC. Yu shall immediately reprt any situatin where yu believe that yur rganizatin may have vilated the BAA Terms. The reprt can be ed t SECURITY: APPLICABILITY OF HIPAA SECURITY STANDARDS Generally, UPMC expects that yu will prperly secure all UPMC patient infrmatin. This includes such steps as: Encrypting hard disks, remvable media, remte access and infrmatin sent via the Internet. Securing wrkstatins and servers. Emplying effective passwrds. Maintaining effective antivirus sftware. Patching yur systems. Perfrming backups f yur systems and data. Ensuring that yur data center is physically secure, and that yu have an effective cntingency plan. Limit staff access t systems and infrmatin n a need t knw basis. Destrying data when yu n lnger need t keep it. The fllwing prvisins frm the HIPAA Security Standards (45 CFR Sectin 164) apply directly t yu in yur capacity as a business assciate:

2 Administrative Safeguards ( ) Physical Safeguards ( ) Technical Safeguards ( ) Plicies & Prcedures and Dcumentatin Requirements ( ) Mre infrmatin n these requirements is included in Attachment A. BUSINESS ASSOCIATE SUBCONTRACTORS AND AGENTS Any agent r subcntractr that yu utilize and whm yu prvide UPMC s patient infrmatin t must agree t the BAA Terms as well as any ther terms and cnditins yu and UPMC agree t. ACCOUNTING OF DISCLOSURES Under the terms f the American Recvery & Reinvestment Act (ARRA), patients have a right t an accunting f wh electrnically accessed their infrmatin. This includes access by staff f business assciates and their subcntractrs and agents. Accrdingly, yu shall maintain lgs f such access in rder that UPMC can cmply with this prvisin. IDENTITY THEFT Yu may receive r have access t UPMC infrmatin that culd be used t cmmit identity theft, such as names, SSNs, accunt numbers and birth dates. Accrdingly, yu shall implemented apprpriate precautins, as well as plicies and prcedures, t prevent, detect and mitigate identity theft. INAPPROPPRIATE ACCESS BY STAFF Yu shall nly allw yur staff t access UPMC patient infrmatin as is necessary fr them t d their jb. Yu shall als implement apprpriate prcedures t detect if a staff member has inapprpriately accessed UPMC patient infrmatin. Yu will further investigate each case where yu believe that inapprpriate access has ccurred. EDUCATION Yu shall train yur staff and ensure that they understand their bligatins under the BAA Terms. MITIGATION & DSICIPLINE Yu shall implement prcesses and prcedures t prperly address any breach f the BAA Terms that may ccur, including disciplining emplyees, subcntractrs and agents. ADDITIONAL INFORMATION Additinal infrmatin regarding HIPAA and the privacy rule (including the HIPAA regulatins and FAQs) can be fund at Guidance specific t business assciates can be fund at

3 ATTACHMENT A 1. ADMINISTRATIVE SAFEGUARDS a. Security Management Prcess: i. Risk Analysis: Cnduct an accurate and thrugh assessment f the ptential risks and vulnerabilities t the cnfidentiality, integrity, and availability f electrnic prtected health infrmatin held by the cvered entity. ii. Risk Management: Implement security measures sufficient t reduce risks and vulnerabilities t a reasnable and apprpriate level. iii. Sanctin Plicy: Apply apprpriate sanctins against wrkfrce members wh fail t cmply with the security plicies and prcedures f the cvered entity. iv. Infrmatin System Activity Review: Implement prcedures t regularly review recrds f infrmatin system activity, such as audit lgs, access reprts, and security incident tracking reprts. b. Assigned Security Respnsibility: i. Identify the security fficial wh is respnsible fr the develpment and implementatin f the facility's infrmatin security plicies and prcedures c. Wrkfrce Security: i. Wrkfrce Security: Implement prcedures fr the authrizatin and/r supervisin f wrkfrce members wh wrk with electrnic prtected health infrmatin r in lcatins where it might be accessed. ii. Wrkfrce Clearance Prcedure: Implement prcedures t determine that the access f a wrkfrce member t electrnic prtected health infrmatin is apprpriate. iii. Terminatin prcedure: Implement prcedures fr terminating access t electrnic PHI when the emplyment f a wrkfrce member. d. Infrmatin Access Management: Implement plicies and prcedures fr authrizing access t electrnic PHI i. Islating Health Care Clearinghuse Functins: If a health care clearinghuse is part f a larger rganizatin, the clearinghuse must implement plicies and prcedures that prtect the electrnic prtected health infrmatin f the clearinghuse frm unauthrized access by the larger rganizatin. ii. Access Authrizatin: Implement plicies and prcedures fr granting access t electrnic PHI, fr example, thrugh access t a wrkstatin, transactin, prgram, prcess, r ther mechanism. iii. Access Establishment and Mdificatin: Implement plicies and prcedures that, based upn the entity's access authrizatin plicies, establish, dcument, review, and mdify a user's right f access t a wrkstatin, transactin, prgram, r prcess. e. Security Awareness and Training: Implement a security awareness and training prgram fr all members f its wrkfrce (including management). i. Security reminders peridic security updates.

4 ii. Prtectin frm malicius sftware - Prcedures fr guarding against, detecting, and reprting malicius sftware. iii. Lg in mnitring - Prcedures fr mnitring lg-in attempts and reprting discrepancies. iv. Passwrd Management - Prcedures fr creating, changing, and safeguarding passwrds. f. Security Incident Prcedures i. Respnse and Reprting - Identify and respnd t suspected r knwn security incidents; mitigate, t the extent practical, harmful effects f security incidents that are knwn t the cvered entity; and dcument security incidents and their utcmes. g. Cntingency Plan - Establish (and implement as needed) plicies and prcedures fr respnding t an emergency r ther ccurrence (fr example, fire, vandalism, system failure, and natural disaster) that damages systems that cntain electrnic PHI. i. Data backup plan - Establish and implement prcedures t create and maintain retrievable exact cpies f electrnic PHI. ii. Disaster Recvery Plan - Establish (and implement as needed) prcedures t restre any lss f data. iii. Emergency Mde Operatin Plan - Establish (and implement as needed) prcedures t enable cntinuatin f critical business prcesses fr prtectin f the security f electrnic PHI while perating in emergency mde. iv. Testing and Revisin Prcedures - Implement prcedures fr peridic testing and revisin f cntingency plans. v. Applicatins and Data Criticality Analysis - Assess the relative criticality f specific applicatins and data in supprt f ther cntingency plan cmpnents. h. Evaluatin - Perfrm a peridic self r external evaluatin f the facility's cmpliance with the HIPAA security rule. i. Business Assciate Cntracts and Other Arrangements 2. PHYSICAL SAFEGUARDS a. Facility Access Cntrls - Implement plicies and prcedures t limit physical access t its electrnic infrmatin systems and the facility r facilities in which they are hused, while ensuring that prperly authrized access is allwed. i. Cntingency Operatins - Establish (and implement as needed) prcedures that allw facility access in supprt f restratin f lst data under the disaster recvery plan and emergency mde peratins plan in the event f an emergency. ii. Facility Security Plan - Implement plicies and prcedures t safeguard the facility and the equipment therein frm unauthrized physical access, tampering, and theft. iii. Access Cntrl and Validatin Prcedures - Implement prcedures t cntrl and validate a persn's access t facilities based n their rle r functin,

5 including visitr cntrl, and cntrl f access t sftware prgrams fr testing and revisin. iv. Maintenance Recrds - Implement plicies and prcedures t dcument repairs and mdificatins t the physical cmpnents f a facility which are related t security (fr example, hardware, walls, drs, and lcks.) b. Wrkstatin Use - Implement prcedures that specify apprpriate usage, including the physical attributes f wrkstatins which can access ephi c. Wrkstatin Security - Implement physical safeguards fr all wrkstatins that access ephi t restrict access t authrized users d. Device and Media Cntrls - Implement plicies and prcedures that gvern the receipt and remval f hardware and electrnic media that cntain electrnic PHI int and ut f a facility, and the mvement f these items within the facility. i. Dispsal - Implement plicies and prcedures t address the final dispsitin f electrnic PHI and/r the hardware r electrnic media n which it is stred. ii. Media Re-use - Implement prcedures fr remval f electrnic PHI frm electrnic media befre the media are made available fr re-use. iii. Accuntability - Maintain a recrd f the mvements f hardware and electrnic media and any persn respnsible therefre. iv. Data Backup and Strage - Create a retrievable, exact cpy f electrnic PHI, when needed, befre mvement f equipment. 3. TECHNICAL SAFEGUARDS a. Access Cntrl i. Unique User Identificatin - Assign a unique name and/r number fr identifying and tracking user identity. ii. Emergency Access Prcedure - Establish (and implement as needed) prcedures fr btaining necessary electrnic prtected health infrmatin during an emergency. iii. Autmatic Lgff - Implement electrnic prcedures that terminate an electrnic sessin after a predetermined time f inactivity. iv. Encryptin and Decryptin - Implement a mechanism t encrypt and decrypt electrnic PHI. b. Audit Cntrls - Implement hardware, sftware, and/r prcedural mechanisms that recrd and examine activity in infrmatin systems that cntain r use electrnic PHI. c. Integrity - Implement electrnic mechanisms t crrbrate that electrnic prtected health infrmatin has nt been altered r destryed in an unauthrized manner. d. Persn r Entity Authenticatin- Implement prcedures t verify that a persn r entity seeking access t ephi is the ne claimed. e. Transmissin Security - Implement technical security measures t guard against unauthrized access t electrnic PHI that is being transmitted ver an electrnic cmmunicatins netwrk.

6 i. Integrity Cntrls - Implement security measures t ensure that electrnically transmitted electrnic PHI is nt imprperly mdified withut detectin until dispsed f. ii. Encryptin - Implement a mechanism t encrypt electrnic PHI whenever deemed apprpriate.

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

Texas Woman's University University Policy Manual

Texas Woman's University University Policy Manual Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September

More information

HIPAA Legislation - Key Provisions

HIPAA Legislation - Key Provisions HIPAA SECURITY, PRIVACY, AND THE NATIONAL PROVIDER IDENTIFIER Frederick Britten Frt Hays State University Carl Ann Raymnd The University f Gergia Outline HIPAA Review Enfrcement Update Natinal Prvider

More information

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013 Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act Health Insurance Prtability and Accuntability Act Frm Wikipedia, the free encyclpedia. (Redirected frm HIPAA) Jump t: navigatin, search The Health Insurance Prtability and Accuntability Act (HIPAA) was

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Privacy and Security Training Policy (PS.Pol.051)

Privacy and Security Training Policy (PS.Pol.051) Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Unified Infrastructure/Organization Computer System/Software Use Policy

Unified Infrastructure/Organization Computer System/Software Use Policy Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

DisplayNote Technologies Limited Data Protection Policy July 2014

DisplayNote Technologies Limited Data Protection Policy July 2014 DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE

COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE Mst dealers are familiar with the requirements f the Gramm-Leach-Bliley Act

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Process Safety Management Program for Contractors

Process Safety Management Program for Contractors Page 1 f 6 Sect: 1.0 Purpse 2.0 Scpe This sectin cntains requirements fr Ardent (Cntract Emplyer) and ur subcntractrs fr the purpse f assisting ur clients in preventing r minimizing the cnsequences f catastrphic

More information

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Online Banking Agreement

Online Banking Agreement Online Banking Agreement 1. General This Online Banking Agreement, which may be amended frm time t time by us (this "Agreement"), fr accessing yur Clrad Federal Savings Bank accunt(s) via the Internet

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

A Guide to HIPAA Security Standards and the Quest HIPAA Report Pack

A Guide to HIPAA Security Standards and the Quest HIPAA Report Pack A Guide t HIPAA Security Standards and the Quest HIPAA Reprt Pack Cpyright Quest Sftware, Inc. 2004. All rights reserved. This guide cntains prprietary infrmatin, which is prtected by cpyright. The sftware

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

PRIVACY POLICY. This Privacy Policy describes how and when Pole Star USA, Inc. ( Pole Star ) collects, uses and

PRIVACY POLICY. This Privacy Policy describes how and when Pole Star USA, Inc. ( Pole Star ) collects, uses and PRIVACY POLICY This Privacy Plicy describes hw and when Ple Star USA, Inc. ( Ple Star ) cllects, uses and shares yur infrmatin when yu use Ple Star s NAO Clud Platfrm, which includes the Ple Star website

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST ASSESSMENT AND GUIDANCE INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST ASSESSMENT AND GUIDANCE INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST ASSESSMENT AND GUIDANCE INSTRUCTIONS Thank yu fr taking the time t fill ut the privacy & security checklist. Once cmpleted, this checklist will help us get a better

More information

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015 ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY Gvernrs Cmmittee: Finance and General Purpses Apprved by Gverning Bdy n: 6 th May 2015 Signed: (Chair f Cmmittee) Signed: (Headteacher) Date t be

More information

HIPAA COMPLIANCE FOR MTSOs

HIPAA COMPLIANCE FOR MTSOs HIPAA COMPLIANCE FOR MTSOs HIPAA regulatins affect ur industry in many ways. The tw main areas f impact are privacy and security. The privacy regulatins address many areas with the mst pertinent being

More information

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No. HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

MigrationWiz HIPAA Compliant Migration. Focus on data migration, not regulation. BitTitan Global Headquarters: 3933 Lake Washington Blvd NE Suite 200

MigrationWiz HIPAA Compliant Migration. Focus on data migration, not regulation. BitTitan Global Headquarters: 3933 Lake Washington Blvd NE Suite 200 MigratinWiz HIPAA Cmpliant Migratin Fcus n data migratin, nt regulatin. BitTitan Glbal Headquarters: 3933 Lake Washingtn Blvd NE Suite 200 Table f Cntents Kirkland, WA 98033 www.bittitan.cm sales@bittitan.cm

More information

Woodstock Multimedia, INC. Software/Hardware Usage Policy

Woodstock Multimedia, INC. Software/Hardware Usage Policy Wdstck Multimedia, INC. Sftware/Hardware Usage Plicy POLICY PURPOSE The purpse f the Wdstck Multimedia, INC. Sftware / Hardware Usage Plicy is t ensure that Wdstck Multimedia, INC. emplyees are prperly

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

To clarify terms used within these policies, the following definitions are provided:

To clarify terms used within these policies, the following definitions are provided: Baker University Email Plicy E-mail services are prvided t the Baker cmmunity in supprt f the educatinal missin f the University and the administrative functins t carry ut that missin. Users f Baker e-mail

More information

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

DATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released

DATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released Page 1 f 11 APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial plicy released 1. PURPOSE OF THIS POLICY T define the purpses fr which Crprate Purchase Cards are t be used

More information

Information Security Policy

Information Security Policy Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every

More information

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information

Bill Payment Agreement & Disclosures

Bill Payment Agreement & Disclosures Bill Payment Agreement & Disclsures Welcme t Online Banking Bill Payment Service. Use f the Bill Payment Service indicates acceptance f terms and cnditins set frth in the Online Banking Agreement & Disclsures

More information

NERC-CIP Cyber Security Standards Compliance Documentation

NERC-CIP Cyber Security Standards Compliance Documentation Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability

More information

AML Internet Manor Court, Manor Farm House, London Road, Derby, Derbyshire, DE72 2GR. Tel: 01332 650 009 Fax: 01332 650 850 Email:

AML Internet Manor Court, Manor Farm House, London Road, Derby, Derbyshire, DE72 2GR. Tel: 01332 650 009 Fax: 01332 650 850 Email: AML Internet Manr Curt, Manr Farm Huse, Lndn Rad, Derby, Derbyshire, DE72 2GR. Tel: 01332 650 009 Fax: 01332 650 850 Email: Backup@AmlInternet.c.uk Cntents Page Situatin Analysis 3 AML Internet - The Slutin

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information.

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information. POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

HIPAA PRIVACY AND SECURITY POLICY AND PROCEDURES FOR THE PRACTICE OF

HIPAA PRIVACY AND SECURITY POLICY AND PROCEDURES FOR THE PRACTICE OF HIPAA PRIVACY AND SECURITY POLICY AND PROCEDURES FOR THE PRACTICE OF WEISS CHIROPRACTIC EFFECTIVE: SEPTEMBER 1, 2013 Page 1 POLICY AND PROCEDURES CONTENTS General Overview / Cverage... 2 Designated Recrd

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin

More information

State of California California Technology Agency. Software Management Plan Guidelines

State of California California Technology Agency. Software Management Plan Guidelines State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)

More information

Presentation: The Demise of SAS 70 - What s Next?

Presentation: The Demise of SAS 70 - What s Next? Presentatin: The Demise f SAS 70 - What s Next? September 15, 2011 1 Presenters: Jeffrey Ziplw - Partner BlumShapir Jennifer Gerasimv Senir Manager Delitte. SAS 70 Backgrund and Overview Purpse f a SAS

More information

Internet Banking Agreement and Disclosure Statement

Internet Banking Agreement and Disclosure Statement Internet Banking Agreement and Disclsure Statement This agreement cntains the terms and cnditins that gvern accessing r using Internet Banking (NetTeller), Bill Payment Services, Mbile Banking and On Demand

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

Outsourcing arrangements

Outsourcing arrangements Rules Ntice Guidance Nte Dealer Member Rules Please distribute internally t: Internal Audit Legal and Cmpliance Operatins Regulatry Accunting Senir Management Cntacts: Luis Piergeti Vice President, Financial

More information

State of North Carolina. Statewide Information Security Manual. Prepared by the Enterprise Security and Risk Management Office

State of North Carolina. Statewide Information Security Manual. Prepared by the Enterprise Security and Risk Management Office State f Nrth Carlina Statewide Infrmatin Security Manual Prepared by the Enterprise Security and Risk Management Office Publicatin Date: January 2015 1 This page intentinally left blank 2 TABLE OF CONTENTS

More information

OITS Service Level Agreement

OITS Service Level Agreement OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

MEDICAID ENTERPRISE CERTIFICATION TOOLKIT Appendix B: Required Artifacts List

MEDICAID ENTERPRISE CERTIFICATION TOOLKIT Appendix B: Required Artifacts List MEDICAID ENTERPRISE CERTIFICATION TOOLKIT Appendix B: Required s List March 2016 Issued by Divisin f State Systems Data and Systems Grup Centers fr Medicaid and CHIP Services Centers fr Medicare & Medicaid

More information

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library

More information

Employees - recruitment, records and monitoring

Employees - recruitment, records and monitoring Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,

More information

State of Wisconsin. File Server Service Service Offering Definition

State of Wisconsin. File Server Service Service Offering Definition State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

Felician College. Computer Use Policy. Office of Information Technology 262 South Main St Lodi, NJ 07644-2117

Felician College. Computer Use Policy. Office of Information Technology 262 South Main St Lodi, NJ 07644-2117 Felician Cllege Office f Infrmatin Technlgy 262 Suth Main St Ldi, NJ 07644-2117 Cmputer Use Plicy Intrductin - In supprt f Felician Cllege's missin f teaching and public service, the Infrmatin Technlgy

More information

RATIONALE TERMS OF REFERENCE FOR THE QUALITY COMMITTEE UNDER THE EXCELLENT CARE FOR ALL ACT. Authority

RATIONALE TERMS OF REFERENCE FOR THE QUALITY COMMITTEE UNDER THE EXCELLENT CARE FOR ALL ACT. Authority RATIONALE With the intrductin f the Excellent Care fr All Act, hspital bards must nw have a quality cmmittee that reprts t the bard. The template prvides sample terms f references fr rganizatins t adapt

More information

Internet and E-Mail Policy User s Guide

Internet and E-Mail Policy User s Guide Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE

INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE Cunty f Orange Infrmatin Technlgy Usage Plicy 1 INTRODUCTION: The Cunty f Orange Infrmatin Technlgy (IT) Usage Plicy is the fundatin f the Cunty s infrmatin

More information

We will record and prepare documents based off the information presented

We will record and prepare documents based off the information presented Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we

More information

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service. FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept

More information

Vantiv eprotect iframe Technical Assessment Paper Prepared for:

Vantiv eprotect iframe Technical Assessment Paper Prepared for: Vantiv eprtect iframe Technical Assessment Paper Prepared fr: Octber 13, 2015 P a g e 2 Cntents EXECUTIVE SUMMARY...3 OVERVIEW... 3 ABOUT VANTIV EPROTECT... 4 OPERATIONAL FLOW... 5 TECHNICAL ASSESSMENT...6

More information

IN-HOUSE OR OUTSOURCED BILLING

IN-HOUSE OR OUTSOURCED BILLING IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Accident Investigation

Accident Investigation Accident Investigatin APPLICABLE STANDARD: 1960.29 EMPLOYEES AFFECTED: All emplyees WHAT IS IT? Accident investigatin is the prcess f determining the rt causes f accidents, n-the-jb injuries, prperty damage,

More information

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts NAIC Replacement Requirements Fr Certain Life Insurance Plicies And Annuity Cntracts Duties f Prducers If a transactin invlves a replacement, the prducer must leave with the applicant, at the time an applicatin

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

BAMS Third Party Service Providers (TPSPs) FAQs

BAMS Third Party Service Providers (TPSPs) FAQs BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information