MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE
- Britton Carr
Hospitals that have received Medicare incentive payments for meaningful use of electronic health records have been asked by the Office of Inspector General of the Department of Health and Human Services to complete a survey aimed at identifying fraud and abuse vulnerabilities in electronic health record (EHR) systems. The OIG letter went to all hospitals that received an incentive payment between Jan. 1, 2011 and March 31, 2012, directed specifically to the CEO's or administrator's office. The letter requests that responses be submitted by Oct. 26. The OIG will use the information from the survey as part of a report expected out next year.

OIG staff have informed the AHA that hospitals may take additional time to respond to the survey if needed. In addition, OIG will allow a health system to complete a single response for all facilities, where the survey responses would be the same for each entity in the system. Health systems that choose to submit a single response for all their facilities should contact Kim Yates at kim.yates@oig.hhs.gov prior to completing the survey to ensure that OIG properly accounts for their system-level response. AHA urges hospitals that respond to the OIG survey to email a copy of their responses to the association at oigsurvey@aha.org.

The following guide for MEDITECH facilities provides information to assist in correctly responding to specific questions about system functionality. Customers are still responsible for completing the survey and answering questions according to how they set up the system for their own use. Please note survey questions specific to hospital remain blank.

1. Please provide the following information for the individual(s) completing this questionnaire:

2. What type of EHR technology does this hospital use?

3. How many years has the hospital used any EHR technology?

4. Is this hospital part of a network of hospitals that use the same EHR technology?

5. How are diagnoses and procedures coded at this hospital?
MEDITECH does allow for E&M coding using physician documentation for notes within EDM and MPM. Site determines whether this feature is in use as part of physician documentation.

6. Does this hospital have plans to adopt computer-assisted coding?

7. Does access to the hospital EHR technology require the following user authentications?

A. Unique user ID
For all MEDITECH platforms: Magic, Client/Server, 6.0, and 6.1. Administrator users can define usernames based on any standard. The healthcare organization has the flexibility to decide the format of usernames.

B. Password
MAGIC and Client/Server Platforms: To prevent unauthorized users from signing on to the system, MEDITECH provides comprehensive password requirements for authentication. The healthcare organization also has the option of using network authentication processes (e.g., Active Directory) independent of MEDITECH for password management.
6.0/6.1 Platform: All password management is controlled by the healthcare organization's network authentication processes and is independent of MEDITECH. As such, so long as a user is defined in the MEDITECH system, his or her network password will also provide authentication to the system. This eliminates the need to remember multiple passwords or re-enter a password to sign into MEDITECH and other systems.

C. Token-based (e.g., identification card)
Optional. For all MEDITECH platforms: Magic, Client/Server, 6.0, and 6.1. Partnered with Imprivata, Forward Advantage offers advanced authentication options, which include USB tokens for MEDITECH healthcare organizations.

D. Biometrics (e.g., fingerprints)
Optional. For all MEDITECH platforms: Magic, Client/Server, 6.0, and 6.1. Partnered with Imprivata, Forward Advantage offers advanced authentication options, which include biometrics for MEDITECH healthcare organizations.

E. Public Key (e.g., PKI, digital certificates)
Optional. For all MEDITECH platforms: Magic, Client/Server, 6.0, and 6.1.

8. Has the hospital implemented the following policies and procedures regarding access to the EHR technology?

A. Automatic user logoff/session timeout
System has this capability for all MEDITECH platforms: Magic, Client/Server, 6.0, and 6.1. Site will indicate whether it has implemented policies and procedures for this. MEDITECH provides automatic timeout and suspend capabilities, which suspend a user's session and then can log them off of the system after a user-defined period of inactivity. Suspended users are required to re-enter a PIN number in order to continue with their session. In addition, some MEDITECH customers utilize proximity monitoring devices, which automatically suspend a user's session once they leave the PC and enable them to continue their suspended session when they return. Pop-up warning messages are issued in advance of such disconnection.

B. Minimum password configuration rules
MAGIC and Client/Server Platforms: When passwords are managed and established within the MEDITECH system, they can be alphanumeric and up to fourteen characters. They cannot be the same as the user mnemonic, first or last name of the user, or the same as the one-time password. Healthcare organizations also have the option of using network authentication processes independent of MEDITECH for password management.
6.0 Platform: All password requirements are defined within the healthcare organization's network authentication environment. If a user is associated with a network user in the MEDITECH system, then access to the system will be authenticated at the point of initial network log on with no separate sign on required.

C. Regular changing of password
MAGIC and Client/Server Platforms: Within MEDITECH, system administrators can define the number of days that the system will require users to change their passwords. Healthcare organizations also have the option of using network authentication processes independent of MEDITECH for password management. If this is the case, password expiration would be handled in the network authentication environment. Therefore, if a user's network password expires then so will his or her access to MEDITECH.
6.0 Platform: All password expiration parameters are defined within the healthcare organization's network authentication environment. Therefore, if a user's network password expires then so will his or her access to MEDITECH.

D. User Agreements or contracts to prevent sharing of passwords

9. Does this hospital allow any outside entity (such as a payer) access to the EHR technology?

10. How does the hospital allow outside entities access to the EHR technology?

*12 and 13 have no questions.*

14. To what extent does the hospital consider the following to be barriers to allowing outside entities access to EHR technology?

15. Does the audit log record data for the following events?

A. Each entry or access to the EHR
B. Signature event (the proactive or auto default completion of a patient encounter)
C. Export of EHR document (printed, electronically exported, emailed)
MEDITECH patient audit log allows for tracking of exported data. However, this may be suppressed by MEDITECH upon request of the site.
D. Amendments, corrections, or modifications of data
E. Import of data
F. Disabling of audit log, audit log cannot be disabled.
G. Release of encounter for billing
H. Access by an authorized outside entity

16. Does the audit log record the following data?

A. National Provider Identifier (NPI)
B. Date/Time/User stamps
C. Access type (creating, editing, viewing, printing, etc.), however print is suppressed by default unless requested by site to be on.
D. Internet Protocol (IP)/Media Access Control (MAC) address
E. Network Time Protocol (NTP)/Simple Network Time Protocol (SNTP) synchronized time
F. Method of data entry (direct entry, speech recognition, automated, copy/import, copy forward, dictation)
G. Date/Time/User stamp of original author when data are copied
H. Date/Time/User stamp of original author if data are entered on behalf of another (e.g., an assistant enters clinical information for a physician)
I. Other
Please specify: Date/Time/User stamp of original author, for emulation event and co-sign.

17. Is the audit log operational whenever the EHR technology is available for updates or viewing?

18. To what extent does the hospital consider the following to be barriers to having the audit log operational at all times?

19. Can the audit log be disabled?
There are no commands to enable or disable audit logs; all information is available to authorized users at any time. In addition, there is no limit to the amount of data stored in the MEDITECH system.

20. Who can disable the audit log?
Other. Please specify: The audit log cannot be disabled.

21. Can the audit log be deleted?
The number of days user audit logs are kept in the LIVE system is typically days. This is up to the healthcare organization and is defined as a parameter. We recommend periodically archiving this data, so that even if the data from a few years ago is not sitting on the LIVE servers it can be pulled back from the archive. This allows you to always have the data at your disposal.

22. Who can delete the audit log?
Other. Please specify: specific person can delete the audit log. The number of days user audit logs are kept in the LIVE system is typically days. This is up to the healthcare organization and is defined as a parameter.

23. Can the audit log be edited?

24. Who can edit the audit log?
Other. Please specify: one can edit the audit log.

25. How long are audit log data stored?
Data can be stored indefinitely. ARRA requirement is 6 years. There is no limit to the amount of data stored in the MEDITECH system.

26. Does the EHR technology allow for the destruction of EHR and audit log data according to the hospital's data retention policies?
Best practice recommendations are to archive audit information, which will be file maintained by the transactional system.

27. Can the EHR technology produce a user friendly version of the audit log (i.e., a summary of audit data in a readable format or embedded in an electronic form) for transmitting, printing, or exporting?
MEDITECH provides standard audit reports, which can be easily tailored to meet specific audit criteria. User and dictionary activity audit information is available and can be instantly viewed on screen, downloaded, printed, or emailed. Search parameters and reports also can be adjusted accordingly. Reports/logs can be downloaded utilizing Windows Print Manager. These reports can then be sent to an audit engine. Audit reports also can be exported into an audit engine in the appropriate format using our Data Repository, which provides a separate ODBC compliant database.

28. Does anyone at the hospital analyze the audit log data?

29. Which of the following individuals at the hospital analyzes the audit log data?

30. How often is the audit log data reviewed and analyzed?

31. To what extent does the hospital consider the following to be barriers to analyzing audit log data?

32. To what extent are physician progress notes handwritten and/or dictated instead of directly entered into the EHR at this hospital?

33. How are these physician progress notes maintained?

34. Why are physician progress notes not directly entered into the EHR?

35. How are physician progress notes entered into the EHR?

36. To what extent are narrative nursing notes handwritten instead of directly entered into the EHR at this hospital?

37. How are these narrative nursing notes maintained?

38. Why are narrative nursing progress notes not directly entered into the EHR?

39. How are narrative nursing notes entered into the EHR?

40. Are there limits on which EHR users are authorized to electronically export, transfer, or print EHR documents?

41. Does the EHR technology require the user to document why an EHR document was electronically exported, transferred, or printed?

42. Does the EHR technology have the capability to disable the Print Screen function?, via MS Windows print manager.

43. Does the hospital disable the Print Screen function for the EHR technology?

44. Do patients have the following electronic access to their EHR data? to pertinent selected sections.

45. To what extent does the hospital consider the following to be barriers to allowing patient access to their EHR data?

46. What procedures does the hospital require to identify patients upon check-in?

47. For each patient check-in, does the EHR technology have the capability to record which identification procedure was used to confirm patient identity?

48. Can an EHR document be modified after it has been finalized by a "signature event" (i.e., the proactive or auto default completion of a patient encounter)?

49. Are the original unmodified EHR data retained?, in draft status.

50. Can the following features be customized in the EHR technology?
Copy/Paste
Templates

51. Does the hospital have a policy regarding the use of the copy/paste feature in EHR technology?

52. Please describe the hospital's copy/paste policy:

53. Has the hospital implemented any of the following safeguards?

54. Please describe any other procedures, policies, or capabilities specific to the EHR technology that your hospital has implemented in order to maintain data integrity and prevent fraud.
More informationVPN Web Portal Usage Guide
VPN Web Portal Usage Guide Table of Contents WHAT IS VPN WEB CLIENT 4 SUPPORTED WEB BROWSERS 4 LOGGING INTO VPN WEB CLIENT 5 ESTABLISHING A VPN CONNECTION 6 KNOWN ISSUES WITH MAC COMPUTERS 6 ACCESS INTRANET
More informationAchieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/
Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system
More informationStandard: Event Monitoring
Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information
More informationAuthentiMax Software for GloMax -Multi+
TECHNICAL MANUAL AuthentiMax Software for GloMax -Multi+ Instruc ons for use of Product E8946. TM403 Revised 9/13 AuthentiMax Software for GloMax -Multi+ All technical literature is available on the Internet
More informationA Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher
A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version
More information21 CFR Part 11 Electronic Records & Signatures
Gap Analysis - Checklist 21 CFR Part 11 Electronic Records & Signatures his document is a proposal and starting point only. he type and extent of documentation depends on the process environment. he proposed
More informationeztechdirect Backup Service Features
eztechdirect Backup Service Features Introduction Portable media is quickly becoming an outdated and expensive method for safeguarding important data, so it is essential to secure critical business assets
More informationAgilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)
Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA) Compliance with 21 CFR Part 11 Introduction Part 11 in Title 21 of the Code of Federal
More informationPolicy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors
TITLE: Access Management Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors Purpose The purpose of this policy is to describe
More informationPOL 08.00.02 Information Systems Access Policy. History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014
POL 08.00.02 Information Systems Access Policy Authority: History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014 Related Policies: NC General Statute 14-454 - Accessing
More informationAcunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.
Acunetix Web Vulnerability Scanner Getting Started V8 By Acunetix Ltd. 1 Starting a Scan The Scan Wizard allows you to quickly set-up an automated scan of your website. An automated scan provides a comprehensive
More informationwww.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters
2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing
More informationWhite Paper. Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1. Copyright 2014, ezdi, LLC.
White Paper ezcac: HIPAA Compliant Cloud Solution Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1 Copyright 2014, ezdi, LLC. TECHNICAL SAFEGUARDS Access Control 164.312 (a) (1)
More informationWimba Pronto. Version 3.1. Administrator Guide
Wimba Pronto Version 3.1 Administrator Guide Wimba Pronto 3.1 Administrator Guide Overview 1 Accessing the Wimba Pronto Administration Interface 2 Managing Multiple Institutions 3 General Features 4 Configuring
More informationPA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing
for Sage MAS 90 and 200 ERP Credit Card Processing Version 4.30.0.18 and 4.40.0.1 - January 28, 2010 Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks
More informationElectronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013
Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent
More informationREGULATIONS COMPLIANCE ASSESSMENT
ALIX is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. REGULATIONS COMPLIANCE ASSESSMENT BUSINESS
More informationThe CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
More informationProfessional Mailbox Email Software Setup Guide
Professional Mailbox Email Software Setup Guide Table of contents Download and Install Microsoft Outlook 2010 or 2011... 2 Enabling access from email software... 4 Setting up Outlook 2010... 6 Before you
More informationDrop Shipping. Contents. Overview 2. Quick Tips 3. Basic Setup 4. Drop Ship Options 5. File Pickup Options 6. E-Mail Messages 8
Contents Overview 2 Quick Tips 3 Basic Setup 4 Drop Ship Options 5 File Pickup Options 6 E-Mail Messages 8 The Drop Shipments Log 9 Maxum Development Corp. Overview One very common file transfer task is
More informationManaging Users and Identity Stores
CHAPTER 8 Overview ACS manages your network devices and other ACS clients by using the ACS network resource repositories and identity stores. When a host connects to the network through ACS requesting
More informationThe City of New York
The Policy All passwords and personal identification numbers (PINs) used to protect City of New York systems shall be appropriately configured, periodically changed, and issued for individual use. Scope
More informationIHE Secure Node Tests
Integrating the Healthcare Enterprise IHE Secure Node Tests Electronic Radiology Laboratory Mallinckrodt Institute of Radiology 510 South Kingshighway Blvd. St. Louis, MO 63110 314.362.6965 (Voice) 314.362.6971
More informationWHMCS LUXCLOUD MODULE
èè WHMCS LUXCLOUD MODULE Update: 02.02.2015 Version 2.0 This information is only valid for partners who use the WHMCS module (v2.0 and higher). 1.1 General overview 1.2 Installing the plugin Go to your
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationChapter 84. Information Security Rules for Street Hail Livery Technology System Providers. Table of Contents
Chapter 84 Information Security Rules for Street Hail Livery Technology System Providers Table of Contents 84-01 Scope of the Chapter... 2 84-02 Definitions Specific to this Chapter... 2 83-03 Information
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationSecure File Transfer Protocol User Guide
Ministry of Health Secure File Transfer Protocol User Guide Date Created: November 10, 2009 Date Updated: November 12, 2013 Next Update: Version: 1.6 Approvals Signature Date Director, DA&IM Signature
More information