Sanctions Policy - Privacy Violations (A-HIM-0034)
Data Breach Incident Response and Management Plan (A-EXE-0014 )
Assigned Security Responsibility (A-ISN-0026)
Computer Applications and Data Criticality Analysis (A-ISN-0008)
Computer Audit Controls (A-ISN-0009)
Computer Automatic Logoff (A-ISN-0010)
Computer Contingency Operations, Testing, and Revision (A-ISN-0011)
Computer Data Backup Plan and Storage (A-ISN-0012)
Computer Device and Media Controls: Disposal, Re-use, and Accountability (A-ISN-0013)
Computer Disaster Recovery (A-ISN-0014)
Computer Emergency Mode Operation Plan (A-ISN-0015)
Computer Facilities Maintenance Records (A-ISN-0017)
Computer Facility Security Plan (A-ISN-0030)
Computer Facility, Access Control, and Validation Procedures (A-ISN-0016)
Computer Log-in Monitoring (A-ISN-0018)
Computer Password Management, Access, and Unique User Identification (A-ISN-0019)
Computer Risk Analysis and Risk Management (A-ISN-0020)
Computer Security Response and Reporting (A-ISN-0007)
Computer Workstation Use and Security (A-ISN-0022)
Data Breach Incident Response and Management Plan (A-EXE-0014)
Data Storage: Non-network (A-ISN-0001)
Data Transmission Integrity Controls: Encryption and Decryption (A-ISN-0023)
Email - Electronic Mail (A-ISN-0003)
Emergency Computer Access Procedure (A-ISN-0024)
End Point Protection of Information Technology from Malicious Software (A-ISN-0029)
Information System Activity Review (A-ISN-0025)
Mechanism to Authenticate Electronic PHI (A-ISN-0027)
Network Penetration Testing Policy (A-ISN-0037)
Person or Entity Authentication for EPHI Access (A-ISN-0028)
Portable Removable Media (A-ISN-0040)
Privacy/Security – Contracts with Business Associates (A-EXE-0023)
Computer Access Authorization, Establishment, Modification and Termination (A-ISN-0006)
AI-based Technologies (A-ISN-0043)
Prevention, detection, containment, and correction of security violations
Employee background checks and confidentiality agreements
List of authentication methods used to identify users authorized to access EPHI
Detecting, reporting, and responding to security incidents (if not in the security plan)
Monitoring systems use - authorized and unauthorized
Use of wireless networks
Granting, approving, and monitoring systems access (for example, by level, role, and job function)
Sanctions for workforce members in violation of policies and procedures governing EPHI access or use
Session termination policies and procedures for inactive computer systems
Policies and procedures for emergency access to electronic information systems
Password management policies and procedures
Secure workstation use (documentation of specific guidelines for each class of workstation
(i.e., on site, laptop, and home system usage)
Disposal of media and devices containing EPHI
Encryption or equivalent measures implemented on systems that store, transmit, or access EPHI
Policies and procedures governing the use of virus protection software
Disaster recovery test plans and results
Record of movements of hardware and electronic media containing EPHI and person responsible for movement