Subcategories and ONE exemple for each follow.
Access Control i.e. Applications will be required to provide automatic user logoff (example: 15 minutes).
Audit Controls i.e. Different types of systems will allow for different types of logging to take place. (e.g. syslog server, application event logs (IIS, Exchange), specific service use (ftp, http)), specific activities, NT Event logging, Firewall events, or Intrusion Detection.
Integrity i.e. Changes to health information should be audited to ensure proper use and accesses.
Person or Entity Authentication i.e. Online validation or offline validation. Online Validation allows the user to ask the CA directly about a certificates validity every time it is used. Offline validation gives a validity period, a pair of dates defining the valid range of the certificate. Entity certificates are known as identity certificates (characteristics), and non-entity certificates are known as credential certificates (e.g. X is a doctor, or permissions to certain systems).
Transmission Security i.e. Policies and procedures would ensure that security of the health information as it is transmitted from start, middle, to end point.
Administrative Safeguardsmore info
Physical Safeguardsmore info
Technical Safeguardsmore info
Organizational Requirementsmore info
Policy and Proceduresmore info
Let us provide you with the compliance level you need.
We offer comprehensive practice assessment from only $500.00 Contact us at: Davidsybert@gmail.com