Site responsible for ensuring eivf meets patient care needs. eivf is customizable per site request.
|
|
- Sherilyn Hodge
- 7 years ago
- Views:
Transcription
1 CAP REQUIREMENTS GEN If components of the LIS are located at a facility other than the one under CAP accreditation number, is there evidence that the remote facility complies with CAP requirements for host LIS functions? GEN N/A. All components of the LIS are under the laboratory s CAP/CLIA-88 registration number. eivf has been provided with a copy of the CAP checklist and has addressed the contents of the Computer Facility section. In the judgment of the laboratory director, is the functionality and reliability of the computer system (hardware and software) adequate to meet the needs of patient care? GEN Site responsible for ensuring eivf meets patient care needs. eivf is customizable per site request. Is the computer facility and equipment clean, well-maintained and adequately ventilated with appropriate environmental control. GEN N/A. Site is computer facility. Is fire-fighting equipment (extinguishers) appropriate for electrical components available? GEN N/A. Site is responsible for accessible fire-fighting equipment. Are all wires and computer cables properly located and/or protected from traffic? GEN Is the computer system adequately protected against electrical power interruptions and surges? GEN Are LIS/computer procedures clearly documented, complete and readily available to all authorized users? GEN Yes. The laboratory staff is able to document all day-to-day activities. Authorization is user restricted so users may only have access to the procedures they need to perform their job duties. Is there a procedure for support of the computer system? eivf Compliance with Cap Requirements 1
2 GEN Local maintenance of hardware is the responsibility of the site. Vendor support is available from 8am to 5 pm central time. Emergency contact for eivf software support is available 24 hours a day. Is there documentation that laboratory computer procedures are reviewed at least annually by the laboratory director or designee? GEN N/A. Laboratory computer procedures should be reviewed annually by site designee. Any modifications to current practice may be addressed to eivf for changes and updates. Is there documentation of all hardware modifications? GEN N/A. Site is responsible for all hardware modifications. Is there documentation that programs are adequately tested for proper functioning when first installed and after any modifications, and that the laboratory director or designee has approved the use of all new programs and modifications? GEN When fist installed, eivf and laboratory staff spend a minimum of three days in training to ensure all programs are tested for proper functioning. Modifications are site specific according to laboratory request. Are customized programs appropriately documented? GEN eivf offers a customizable software to document all daily activities of an infertility clinic including scheduling, billing, labs (blood work), nursing, physician, procedures, andrology, and embryology. All sites however, may elect to only use certain functions of the program as deemed necessary and appropriate. Is there an adequate tracking system to identify all persons who have added or modified software? GEN All additions or modifications to eivf software are documented using source control and a historical copy of each modification is kept in source safe. Is there documentation that all users of the computer system receive adequate training initially, after system modification, and after installation of a new system? GEN Site is required to document all trainers have received adequate training. Is there a responsible person (e.g. Computer System Manager) in the laboratory who is notified of significant computer malfunction? GEN N/A. Site is responsible for designating Computer System Manager. Has the laboratory information system been validated for blood banking/transfusion medicine activities? eivf Compliance with Cap Requirements 2
3 GEN N/A. Blood banking/transfusion not an activity of sites. Is there a documented process to verify the integrity of the system (operating system, applications, and database) after restoration of data files? GEN Yes. Database integrity tests are run. Verification to the key tables are run through the scripts. Is downtime for maintenance scheduled to minimize interruption of service? GEN eivf allows flexibility in scheduling for maintenance to minimize clinical sites interruption of service during patient care peak operating times. Is there a documented schedule and procedure for regular maintenance of hardware and software either by maintenance contracts or documented in-house procedures? GEN N/A. Site is responsible for regular maintenance of hardware. Software has available eivf support team if any problems arise. Are service and repair records available for all hardware and software? GEN Hardware service and repair records are the responsibility of the site. Third party vendor, Bridge, keeps track of all software changes. Is there evidence of ongoing evaluation of system maintenance records? GEN N/A. Site is responsible for hardware maintenance. Are there explicit documented policies that specify who may use the computer system to enter of access patient data, change results, change billing or alter programs? GEN User access is restricted according to infertility practice guidelines. The site is responsible for defining the level of access per user in the setup mode of eivf and keeping appropriate documentation. Are computer access codes (security codes, user codes) in place to limit individuals access to those functions that are authorized to use, and is the security of access codes maintained (e.g. inactivated when employees leave, not posted on terminals)? GEN Each individual has a unique login code. Super Administrator is responsible for setting expiration date of password per user. Upon employee termination or leave, Super Administrator is responsible for removing user from eivf. Are policies and procedures in place to prevent unauthorized installation of software on any computer used by the laboratory? eivf Compliance with Cap Requirements 3
4 GEN N/A. The site is responsible for policies and procedures to prevent unauthorized installation of software on any computer used by the laboratory. eivf is a server based application, and therefore, its integrity is not compromised by other programs. If the facility uses a public network, such as the Internet as a data exchange medium, are there adequate network security measures in place to ensure confidentiality of patient data? GEN Portals are available through eivf to patients, pharmacies, and referring doctors. Sites are instructed regarding assignment of unique individual codes to access information. Sites are also instructed to register and install SSL on eivf server to ensure secure exchange of information. Does the laboratory have procedures to ensure compliance with HIPAA? GEN N/A. Responsibility of site. Users are given unique identification codes that are managed by on site Super User. Is there documentation that calculations performed on patient data by the computer are reviewed annually, or when a system change is made that may affect the calculations? GEN Yes. System calculations are stored in a structure file and verified with any system change. Are system data tables set up to detect absurd values before reporting? GEN All labs are accompanied by reportable range. Critical values are highlighted in red by eivf. Does the system provide for components on specimen quality that might compromise the accuracy of analytic results (e.g. hemolyzed, lipemic)? GEN Comment sections are provided with all specimen reports to allow for additional information or documentation. Is there an adequate system to identify all individuals who have entered and/or modified patient data or control files? GEN Yes. Audit trail keeps record of each and every modification by the user on the system including patient and non-patient data. Does the laboratory have a process to ensure appropriate routing of patient test results to physicians? GEN Are manual and automated result entries verified before final acceptance and reporting by the computer? eivf Compliance with Cap Requirements 4
5 GEN Yes. Laboratory users are required by eivf to enter lab data and then go back and review data one more time before releasing to appropriate party. Are there documented procedures to ensure reporting of patient results in a prompt and useful fashion during partial or complete downtime and recovery of system? GEN Is there a policy signed by the laboratory director approving the use of autoverification procedures? GEN Is there documentation that the autoverification process was validated initially, and is tested at least annually and whenever there is a change to the system that could affect the autoverification logic? GEN Autoverification is initially tested with lab and eivf staff. Annual verification is the lab s responsibility. Can a complete copy of archived patient test results be reprinted, including original reference ranges and interpretive comments, including any flags or footnotes that were present in the original report? GEN Yes. All information may be printed. When multiple identical analyzers are used, they are uniquely identified such that a test result may be appropriately traced back to the instrument performing the test? GEN N/A. No sites currently using multiple identical analyzers. If necessary, eivf does have the ability to uniquely define each analyzer. Does the laboratory have a process to monitor computer system performance, to ensure that the data storage capacity and performance of the system are sufficient to meet the patient needs of the organization? GEN Are there documented procedures for the preservation of data and equipment in case of an unexpected destructive event (e.g. fire, flood), software failure and/or hardware failure, and do these procedures allow for timely restoration of service? GEN N/A. Site is responsible for daily backup of data to be kept in separate location for timely restoration of service. Is emergency service for both computer hardware and software available at all necessary times? Hardware emergency service is the responsibility of the site. Software emergency service is available 24 hours a day. eivf Compliance with Cap Requirements 5
6 GEN Are storage data media (e.g. tape reels, disk cartridges) properly labeled, stored, and protected from damage and unauthorized use? GEN N/A. Responsibility of site. Are computer error messages that alert computer users of imminent problems monitored and is the error message response system tested periodically? GEN Server generated and client generated error messages are logged back on the server with specific error number and description. Is there documentation of responses to any error messages during the system backup? GEN Sequel server documents the responses into the windows events log for each response to the error message generated during system backup or restoration process. Is there a documented record of unscheduled downtime, system degradation (response time), or other computer problems that includes reasons for failure and corrective actions taken? GEN If the system uses an interface to populate data into another computer system, is a documented encoding and transmission scheme such as HL-7 utilized? GEN Yes. Outside laboratories such as Labcorp and billing systems utilize HL-7. Ultrasound machines use ASTM. As applicable, are reference ranges and units of measure for every test transmitted with the patient result across the interface? GEN Yes. Units of measure for every test are transmitted with the patient result. Reference ranges are transmitted as applicable. Are acceptable transmission limits established for data throughput by the interface engine, and is this parameter periodically monitored and recorded? GEN N/A. Site responsibility. The laboratory should establish a time tolerance limit for results reporting to the output device. Also, the laboratory should periodically monitor the performance of its reporting systems. If data in other computer systems can be accessed through the LIS (e.g. pharmacy or medical records), are there documented policies to prevent unauthorized access to that data through the LIS? eivf Compliance with Cap Requirements 6
7 N/A. GEN Is there a documented system in operation to periodically verify that patient results are accurately transmitted from the point of data entry (interfaced instruments and manual input) to all types of patient reports (both paper and video displays)? GEN Error logs are monitored by the end user for transactions between external labs, interfaced instruments, and eivf. Are there procedures for changes in laboratory functions necessary during partial or complete shutdown and recovery of systems that interface with the laboratory information system? GEN If the system is down, the external labs interface engine will not allow the information to be sent. The external lab will be notified the data is not sent. Is there periodic monitoring of network performance and availability to all sites? GEN N/A. Responsibility of site IT department. Is the network equipment accessible, well-maintained, and adequately labeled, showing which devices are using a specific port? GEN N/A. Responsibility of the site. Is the laboratory director a physician or doctoral level clinical scientist qualified by training, expertise and experience in the areas of testing offered by the laboratory? eivf Compliance with Cap Requirements 7
PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI
Final 7/96 APPENDIX E - PERFORMANCE EVALUATION AUDIT APPENDIX E PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE APPENDIX E - PERFORMANCE EVALUATION AUDIT Final 7/96 This page is intentionally left blank.
More informationPART 10 COMPUTER SYSTEMS
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationGeneral Computer Controls
1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems
More informationChecklist. Standard for Medical Laboratory
Checklist Standard for Medical Laboratory Name of hospital..name of Laboratory..... Name. Position / Title...... DD/MM/YY.Revision... 1. Organization and Management 1. Laboratory shall have the organizational
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationFinal Audit Report. Audit of Data Integrity MCCS Feeder System Interfacing with SAP
Final Audit Report Audit of Data Integrity MCCS Feeder System Interfacing with SAP April 2008 Table of Contents Executive Summary... ii Introduction...........1 Background... 1 Audit Objectives... 1 Scope
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationIT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
More informationRemote Deposit Terms of Use and Procedures
Remote Deposit Terms of Use and Procedures Use of American National Bank Fox Cities (Bank) Remote Deposit service is subject to the following Terms of Use and Procedures. Bank reserves the right to update
More informationPreparing for the HIPAA Security Rule
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
More informationLaboratory Computer Systems
LAP Audioconference Laboratory Computer Systems October 21, 2009 Bruce A. Beckwith, MD, FCAP 2009 College of American Pathologists. Materials are used with the permission of the faculty Learning Objectives
More informationGuidance for Industry Computerized Systems Used in Clinical Investigations
Guidance for Industry Computerized Systems Used in Clinical Investigations U.S. Department of Health and Human Services Food and Drug Administration (FDA) Office of the Commissioner (OC) May 2007 Guidance
More informationSECTION 15 INFORMATION TECHNOLOGY
SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationIT Security Standard: Computing Devices
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
More informationProcedure for Equipment Calibration and Maintenance
Procedure for Equipment Calibration and Maintenance 1.0 Purpose This procedure specifies the schedule and requirements for calibration, performance verification, and maintenance of State Crime Laboratory
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationINFORMATION TECHNOLOGY CONTROLS
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
More information3.11 System Administration
3.11 The functional area is intended to contribute to the overall flexibility, efficiency, and security required for operating and maintaining the system. Depending on the architecture of the system, system
More informationREGULATIONS COMPLIANCE ASSESSMENT
ALIX is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. REGULATIONS COMPLIANCE ASSESSMENT BUSINESS
More informationREVENUE REGULATIONS NO. 9-2009 issued on December 29, 2009 defines the requirements, obligations and responsibilities imposed on taxpayers for the
REVENUE REGULATIONS NO. 9-2009 issued on December 29, 2009 defines the requirements, obligations and responsibilities imposed on taxpayers for the maintenance, retention and submission of electronic records.
More information2009 LAP Audioconference Series. Laboratory Computer Systems
2009 LAP Audioconference Series Objectives: After participating in this audioconference you will be able to: Describe the requirements for validating computer interfaces Understand the principles for validating
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationThis document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.
SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationSupplement to the Guidance for Electronic Data Capture in Clinical Trials
Supplement to the Guidance for Electronic Data Capture in Clinical Trials January 10, 2012 Drug Evaluation Committee, Japan Pharmaceutical Manufacturers Association Note: The original language of this
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationHIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE
HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation
More informationHow To Use Adobe Software For A Business
EXHIBIT FOR MANAGED SERVICES (2013V3) This Exhibit for Managed Services, in addition to the General Terms, the OnDemand Exhibit, and any applicable PDM, applies to any Managed Services offering licensed
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationRecords Management Self-Evaluation Guide
Records Management Self-Evaluation Guide Introduction University of Cincinnati Records Management has developed this self-evaluation guide for departments to use as an overview of the basic components
More informationHIPAA Privacy and Security Risk Assessment and Action Planning
HIPAA Privacy and Security Risk Assessment and Action Planning Practice Name: Participants: Date: MU Stage: EHR Vendor: Access Control Unique ID and PW for Users (TVS016) Role Based Access (TVS023) Account
More informationThis policy is not designed to use systems backup for the following purposes:
Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa
More information15 Organisation/ICT/02/01/15 Back- up
15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationService from the Start Bronze with Comprehensive Coverage
Service from the Start Bronze with Comprehensive Coverage Part Number: SSB- Service from the Start Bronze with Comprehensive Coverage is a unique prepaid program that includes normal wear and tear, as
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationAn Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance
An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security
More informationPOLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL (E-MAIL) SYSTEMS
POLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL (E-MAIL) SYSTEMS 1. Purpose Establish and clarify a records management policy for municipal officers with respect
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationINSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists
Preventing Data Loss INSIDE > Disaster Recovery Types and Categories > Disaster Recovery Site Types > Disaster Recovery Procedure Lists > Business Continuity Plan 1 Preventing Data Loss White Paper Overview
More informationElectronic Prescribing of Controlled Substances Technical Framework Panel. Mark Gingrich, RxHub LLC July 11, 2006
Electronic Prescribing of Controlled Substances Technical Framework Panel Mark Gingrich, RxHub LLC July 11, 2006 RxHub Overview Founded 2001 as nationwide, universal electronic information exchange Encompass
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationDetermine if the expectations/goals/strategies of the firewall have been identified and are sound.
Firewall Documentation Develop background information about the firewall(s) in place: Segment diagrams Software Hardware Routers Version levels Host names IP addresses Connections Specific policies for
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300
More informationBACKUP SECURITY GUIDELINE
Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect
More informationHIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich
HIPAA Audit Processes Erik Hafkey Rainer Waedlich 1 Policies for all HIPAA relevant Requirements and Regulations Checklist for an internal Audit Process Documentation of the compliance as Preparation for
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More information2.2 INFORMATION SERVICES Documentation of computer services, computer system management, and computer network management.
3 Audit Trail Files Data generated during the creation of a master file or database, used to validate a master file or database during a processing cycle. GS 14020 Retain for 3 backup cycles Computer Run
More informationInternal Control Deliverables. For. System Development Projects
DIVISION OF AUDIT SERVICES Internal Control Deliverables For System Development Projects Table of Contents Introduction... 3 Process Flow... 3 Controls Objectives... 4 Environmental and General IT Controls...
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationRequirements Specification Document for esim-mr 1.0
Requirements Specification Document for esim-mr 1.0 1. Overview: This document describes the requirements for the esim-mr system, version 1.0. 1.1 Current System The current system used by most doctors
More informationBrochure Achieving security with cloud data protection. Autonomy LiveVault
Achieving security with cloud data protection Autonomy LiveVault Can cloud backup be secure? Today, more and more companies recognize the value and convenience of using cloud backup to protect their server
More information21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES 21.11.2013. 21 CFR Part 11 Compliance PLA 2.1
21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES Compliance of PLA 2.1 21.11.2013 21 CFR Part 11 Compliance PLA 2.1 SEC. 11.2 IMPLEMENTATION. (a) For records required to be maintained but not submitted
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationHIPAA. considerations with LogMeIn
HIPAA considerations with LogMeIn Introduction The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, requires all organizations that maintain or transmit electronic
More informationGuideline on risk management and other aspects of internal control in stock exchange
until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationManageEngine Desktop Central Training
ManageEngine Desktop Central Training Course Objectives Who Should Attend Course Agenda Course Objectives Desktop Central training helps you IT staff learn the features offered by Desktop Central and to
More informationREQUEST FOR INFORMATION (RFI) Health Interface Engine Solution
City of Philadelphia Department of Public Health 1401 JFK Blvd Suite 600 Philadelphia, PA 19102 REQUEST FOR INFORMATION (RFI) This document contains a Request for Information (RFI) for an interface engine
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationEHRs and Information Availability: Are You At Risk?
May 2006 Issue EHRs and Information Availability: Are You At Risk? The EHR initiative is changing the face of disaster and the nature of prevention planning. By Jim Grogan On April 27, 2004, the age of
More informationIn response to the Meaningful Use (MU) initiative in the American Recovery and
Testing Overview for a Multi-Application Implementation GETVITALIZED.COM Kelly Bishop, VCS Principal Consultant, PMO Practice In response to the Meaningful Use (MU) initiative in the American Recovery
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationMille Lacs Band of Ojibwe Indians Gaming Regulatory Authority Detailed Gaming Regulations
I. SCOPE. This document includes the for Information Technology to be regulated and played in compliance with Title 15 of the Mille Lacs Band Statutes Annotated. II. REGULATIONS APPLICABLE TO INFORMATION
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationXN--P1AI (РФ) DNSSEC Policy and Practice Statement
XN--P1AI (РФ) DNSSEC Policy and Practice Statement XN--P1AI (РФ) DNSSEC Policy and Practice Statement... 1 INTRODUCTION... 2 Overview... 2 Document name and identification... 2 Community and Applicability...
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationThe Impact of 21 CFR Part 11 on Product Development
The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical
More informationCompliance Matrix for 21 CFR Part 11: Electronic Records
Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision A Provided By: Microtrac,
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationCoSign for 21CFR Part 11 Compliance
CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed
More informationCircular to All Licensed Corporations on Information Technology Management
Circular 16 March 2010 Circular to All Licensed Corporations on Information Technology Management In the course of our supervision, it has recently come to our attention that certain deficiencies in information
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationMINNESOTA. Downloaded January 2011
4658.00 (GENERAL) MINNESOTA Downloaded January 2011 4658.0015 COMPLIANCE WITH REGULATIONS AND STANDARDS. A nursing home must operate and provide services in compliance with all applicable federal, state,
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationWHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery
WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed
More informationCENTER FOR NUCLEAR WASTE REGULATORY ANALYSES
Page 1 of 5 ELECTRONIC FILE ARCHIVAL AND BACKUP PROCEDURES EFFECTIVITY AND APPROVAL Revision 1 of this procedure became effective on July 6, 2004. This procedure consists of the pages and changes listed
More informationGuideline on risk management and other aspects of internal control in central securities depository
until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph
More informationIT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST
INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT
More information