Measures to be taken

Make accurate copies of the ePHI stored on the computer system prior to the move. Other requirements include performing a risk analysis in advance, using NIST guidelines.

Review audit logs, access reports, and security incident tracking on a regular basis. Appoint and identify a security officer responsible for developing and enforcing the policy. Take specific steps to ensure that only those employees who are supposed to have access to ePHI can access it, and that no other employees can.

Implement procedures to ensure that employee access to ePHI is appropriate. Implement procedures to terminate employee access to ePHI when the employee leaves the organization.

Provide regular security training to employees. Maintain current and effective antivirus protection on all workstations at all times and establish procedures for reporting malicious software.

Establish procedures for monitoring login attempts and reporting discrepancies. Establish procedures for creating, changing, and protecting passwords.

Implement policies and procedures for identifying and responding to suspicious or known security incidents, including documentation of the incidents and their consequences.

