 |
||
|
||
UNIVERSITY OF MAINE SYSTEM
GENERAL OPERATING HIPAA SECURITY POLICIES
Policy # Subject
Administrative Safeguards
100. HIPAA Security Policy
100a. Assigned Security Official
100b. Assign Security Responsibility
101. Security Management Process
102. Risk Analysis
103. Risk Management
104. Sanction Policy
105. Information System Activity Review
106. Workforce Security
107. Workforce Clearance
108. Authorization/Supervision
109. Termination Procedure
110. Information Access Management
111. Isolating Health Care Clearinghouse Functions
112. Access Authorization
113. Access Establishment and Modification
114. Security Awareness and Training
115. Security Reminders
116. Protection from Malicious Software
117. Log-in Monitoring
118. Password Management
119. Security Incident Procedures
120. Contingency Plan
121. Data Backup Plan
122. Disaster Recovery Plan
123. Emergency-mode Operation Plan
124. Testing and Revision
125. Application and Data Criticality Analysis
126. Evaluation
127. Business Associate Agreements
Physical Safeguards
128. Facility Access Controls
129. Contingency Operations
130. Facility Security Plan
131. Access Control and Validation Procedures
132. Maintenance Records
133. Workstation Use
134. Device and Medial Controls
135. Disposal
136 Media Re-use
137. Accountability
138. Data Backup and Storage
Technical Safeguards
139. Access Control
140. Unique User Identification
141. Emergency Access Control
142. Automatic Logoff
143. Encryption and Decryption
144. Audit Controls
145. Integrity
146. Personal or Entity Authentication
147. Transmission Security
148. Integrity controls
149. Encryption
150. Integrity Controls - BAA
151. Documentation and Retention
152. Wireless controls
153. Firewall Usage
University of Maine System
copyright 1999, UMS. All rights reserved.
Updated: