GUIDANCE FOR BUSINESS ASSOCIATES
- Shavonne Douglas
- 8 years ago
This Guidance for Business Associates document is intended to overview UPMC's expectations, as well as to provide additional resources and information, to UPMC's HIPAA business associates. In general, as a business associate, it is expected that appropriate steps are taken in order to protect UPMC data from the risk of unauthorized disclosure.

OVERVIEW

As a business associate to UPMC, UPMC expects you to comply with UPMC's business associate terms and conditions found at: (the "BAA Terms").

BREACH NOTIFICATION

You shall report to UPMC any breach of UPMC's patient information immediately upon becoming aware of such breach. The report shall include the name of each individual whose protected health information was or is reasonably believed by your organization to have been inappropriately accessed, acquired or disclosed, as well as who UPMC should contact from your organization. You shall also provide such assistance and further information as requested by UPMC. You shall immediately report any situation where you believe that your organization may have violated the BAA Terms. The report can be emailed to privacyaskus@upmc.edu.

SECURITY: APPLICABILITY OF HIPAA SECURITY STANDARDS

Generally, UPMC expects that you will properly secure all UPMC patient information. This includes such steps as:
- Encrypting hard disks, removable media, remote access and information sent via the Internet.
- Securing workstations and servers.
- Employing effective passwords.
- Maintaining effective antivirus software.
- Patching your systems.
- Performing backups of your systems and data.
- Ensuring that your data center is physically secure, and that you have an effective contingency plan.
- Limiting staff access to systems and information on a need to know basis.
- Destroying data when you no longer need to keep it.

The following provisions from the HIPAA Security Standards (45 CFR Section 164) apply directly to you in your capacity as a business associate:
- Administrative Safeguards ( )
- Physical Safeguards ( )
- Technical Safeguards ( )
- Policies & Procedures and Documentation Requirements ( )

More information on these requirements is included in Attachment A.

BUSINESS ASSOCIATE SUBCONTRACTORS AND AGENTS

Any agent or subcontractor that you utilize and whom you provide UPMC's patient information to must agree to the BAA Terms as well as any other terms and conditions you and UPMC agree to.

ACCOUNTING OF DISCLOSURES

Under the terms of the American Recovery & Reinvestment Act (ARRA), patients have a right to an accounting of who electronically accessed their information. This includes access by staff of business associates and their subcontractors and agents. Accordingly, you shall maintain logs of such access in order that UPMC can comply with this provision.

IDENTITY THEFT

You may receive or have access to UPMC information that could be used to commit identity theft, such as names, SSNs, account numbers and birth dates. Accordingly, you shall implement appropriate precautions, as well as policies and procedures, to prevent, detect and mitigate identity theft.

INAPPROPRIATE ACCESS BY STAFF

You shall only allow your staff to access UPMC patient information as is necessary for them to do their job. You shall also implement appropriate procedures to detect if a staff member has inappropriately accessed UPMC patient information. You will further investigate each case where you believe that inappropriate access has occurred.

EDUCATION

You shall train your staff and ensure that they understand their obligations under the BAA Terms.

MITIGATION & DISCIPLINE

You shall implement processes and procedures to properly address any breach of the BAA Terms that may occur, including disciplining employees, subcontractors and agents.

ADDITIONAL INFORMATION

Additional information regarding HIPAA and the privacy rule (including the HIPAA regulations and FAQs) can be found at
Guidance specific to business associates can be found at

ATTACHMENT A

1. ADMINISTRATIVE SAFEGUARDS
  a. Security Management Process:
    i. Risk Analysis: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
    ii. Risk Management: Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
    iii. Sanction Policy: Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity.
    iv. Information System Activity Review: Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
  b. Assigned Security Responsibility:
    i. Identify the security official who is responsible for the development and implementation of the facility's information security policies and procedures.
  c. Workforce Security:
    i. Workforce Security: Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.
    ii. Workforce Clearance Procedure: Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate.
    iii. Termination procedure: Implement procedures for terminating access to electronic PHI when the employment of a workforce member.
  d. Information Access Management: Implement policies and procedures for authorizing access to electronic PHI.
    i. Isolating Health Care Clearinghouse Functions: If a health care clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.
    ii. Access Authorization: Implement policies and procedures for granting access to electronic PHI, for example, through access to a workstation, transaction, program, process, or other mechanism.
    iii. Access Establishment and Modification: Implement policies and procedures that, based upon the entity's access authorization policies, establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.
  e. Security Awareness and Training: Implement a security awareness and training program for all members of its workforce (including management).
    i. Security reminders - periodic security updates.
    ii. Protection from malicious software - Procedures for guarding against, detecting, and reporting malicious software.
    iii. Log in monitoring - Procedures for monitoring log-in attempts and reporting discrepancies.
    iv. Password Management - Procedures for creating, changing, and safeguarding passwords.
  f. Security Incident Procedures
    i. Response and Reporting - Identify and respond to suspected or known security incidents; mitigate, to the extent practical, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.
  g. Contingency Plan - Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic PHI.
    i. Data backup plan - Establish and implement procedures to create and maintain retrievable exact copies of electronic PHI.
    ii. Disaster Recovery Plan - Establish (and implement as needed) procedures to restore any loss of data.
    iii. Emergency Mode Operation Plan - Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic PHI while operating in emergency mode.
    iv. Testing and Revision Procedures - Implement procedures for periodic testing and revision of contingency plans.
    v. Applications and Data Criticality Analysis - Assess the relative criticality of specific applications and data in support of other contingency plan components.
  h. Evaluation - Perform a periodic self or external evaluation of the facility's compliance with the HIPAA security rule.
  i. Business Associate Contracts and Other Arrangements

2. PHYSICAL SAFEGUARDS
  a. Facility Access Controls - Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
    i. Contingency Operations - Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
    ii. Facility Security Plan - Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
    iii. Access Control and Validation Procedures - Implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
    iv. Maintenance Records - Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks).
  b. Workstation Use - Implement procedures that specify appropriate usage, including the physical attributes of workstations which can access ePHI.
  c. Workstation Security - Implement physical safeguards for all workstations that access ePHI to restrict access to authorized users.
  d. Device and Media Controls - Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic PHI into and out of a facility, and the movement of these items within the facility.
    i. Disposal - Implement policies and procedures to address the final disposition of electronic PHI and/or the hardware or electronic media on which it is stored.
    ii. Media Re-use - Implement procedures for removal of electronic PHI from electronic media before the media are made available for re-use.
    iii. Accountability - Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
    iv. Data Backup and Storage - Create a retrievable, exact copy of electronic PHI, when needed, before movement of equipment.

3. TECHNICAL SAFEGUARDS
  a. Access Control
    i. Unique User Identification - Assign a unique name and/or number for identifying and tracking user identity.
    ii. Emergency Access Procedure - Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
    iii. Automatic Logoff - Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
    iv. Encryption and Decryption - Implement a mechanism to encrypt and decrypt electronic PHI.
  b. Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI.
  c. Integrity - Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
  d. Person or Entity Authentication - Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
  e. Transmission Security - Implement technical security measures to guard against unauthorized access to electronic PHI that is being transmitted over an electronic communications network.
    i. Integrity Controls - Implement security measures to ensure that electronically transmitted electronic PHI is not improperly modified without detection until disposed of.
    ii. Encryption - Implement a mechanism to encrypt electronic PHI whenever deemed appropriate.
INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE Cunty f Orange Infrmatin Technlgy Usage Plicy 1 INTRODUCTION: The Cunty f Orange Infrmatin Technlgy (IT) Usage Plicy is the fundatin f the Cunty s infrmatin
More informationOutsourcing arrangements
Rules Ntice Guidance Nte Dealer Member Rules Please distribute internally t: Internal Audit Legal and Cmpliance Operatins Regulatry Accunting Senir Management Cntacts: Luis Piergeti Vice President, Financial
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationSystem Business Continuity Classification
Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationSystem Business Continuity Classification
System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality
More informationVantiv eprotect iframe Technical Assessment Paper Prepared for:
Vantiv eprtect iframe Technical Assessment Paper Prepared fr: Octber 13, 2015 P a g e 2 Cntents EXECUTIVE SUMMARY...3 OVERVIEW... 3 ABOUT VANTIV EPROTECT... 4 OPERATIONAL FLOW... 5 TECHNICAL ASSESSMENT...6
More informationNAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts
NAIC Replacement Requirements Fr Certain Life Insurance Plicies And Annuity Cntracts Duties f Prducers If a transactin invlves a replacement, the prducer must leave with the applicant, at the time an applicatin
More informationRATIONALE TERMS OF REFERENCE FOR THE QUALITY COMMITTEE UNDER THE EXCELLENT CARE FOR ALL ACT. Authority
RATIONALE With the intrductin f the Excellent Care fr All Act, hspital bards must nw have a quality cmmittee that reprts t the bard. The template prvides sample terms f references fr rganizatins t adapt
More informationFINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.
FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept
More informationIN-HOUSE OR OUTSOURCED BILLING
IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability
More informationAccident Investigation
Accident Investigatin APPLICABLE STANDARD: 1960.29 EMPLOYEES AFFECTED: All emplyees WHAT IS IT? Accident investigatin is the prcess f determining the rt causes f accidents, n-the-jb injuries, prperty damage,
More informationBAMS Third Party Service Providers (TPSPs) FAQs
BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationWe will record and prepare documents based off the information presented
Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationEA-POL-015 Enterprise Architecture - Encryption Policy
Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link:
More informationFelician College. Computer Use Policy. Office of Information Technology 262 South Main St Lodi, NJ 07644-2117
Felician Cllege Office f Infrmatin Technlgy 262 Suth Main St Ldi, NJ 07644-2117 Cmputer Use Plicy Intrductin - In supprt f Felician Cllege's missin f teaching and public service, the Infrmatin Technlgy
More information