Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Security Rule
Slide content:Administrative Safeguards Security management process Risk analysis (R) Risk management (R) Sanction policy (R) Information system activity review (R) Assigned security responsibility (R) Workforce security Authorization and/or supervision (A) Workforce clearance procedure (A) Termination procedures (A) Information access management Isolating healthcare clearinghouse functions (R) Access authorization (A) Access establishment and modification (A) R = required A = addressable 7
Slide notes:This slide shows the first part of the list of administrative safeguards from the Security 101 document. Perhaps the most important of the required standards is a security management process that includes an analysis of risk, how risk is managed, and any sanction policy. Procedures for addressing security violations as well as an overall information system activity review are also needed. Additionally, security responsibility must be assigned, usually to the chief security officer. The role of the chief security officer includes providing administrative management within the organization as well as providing technical expertise. The security for the rest of the workforce is addressable, as are aspects of information access management with the exception of the requirement that health care clearinghouse functions must be isolated for analysis with regard to security issues. 7