ABSTRACT

The objectives of this chapter are as follows:

Understand what standards make up the Administrative Safeguards related to the Security Rule regulations.

Understand the security management process.

Determine what is required by a risk analysis.

Understand what is involved in risk management.

Determine appropriate sanctions on workforce members for violations of policies and procedures.

Understand what is required by an information system activity review.

Determine which workforce member will be assigned security responsibilities.

Understand workforce security requirements.

Understand what is involved with authorization and supervision of workforce member access.

Determine proper workforce clearance procedures.

Determine appropriate termination procedures.

Understand what is involved with management of information access.

Determine if healthcare clearinghouse functions can be isolated.

Determine how to address access authorization.

Determine how to address access establishment and modification.

Understand what is involved with security awareness training.

Determine how to address security reminders.

Determine what solutions will protect against malicious software.

Determine what is necessary to monitor for log-ins.

Understand the management of passwords.

Determine what procedures are required to handle a security incident.

Understand how to respond to and report a security incident.

Understand the requirement of a contingency plan.

Determine what types of data backups are required.

Understand what is involved in a disaster recovery plan.

Determine when emergency mode operations go into effect.

Determine how to address testing and revising disaster recovery plans.

Understand how to conduct applications and data criticality analysis.

Determine what types of evaluations are required.

Understand business associate contracts and other arrangements.

Determine what elements are required to be included in a written contract or other arrangement related to business associates.