Difference between revisions of "Healthcare Code of Conduct"
From MgmtWiki
Revision as of 18:18, 2 August 2021
Full Title or Meme
In Healthcare Identity Management a Code of Conduct applies to those software elements that handle the Patient Health Information.
Context
- See the wiki page Health Care Digital Identity for more about the context of this topic.
Examples
CARIN
Norwegian
- There are two categories, large and small organization.
- There is a series of fact sheets. Each of them includes something that looks like assessment criteria, covering:
- the actors in a healthcare covered entity.
- There shall be a security management system wherever PHI is present.
- Procedures must be in place before PHI is processed.
- Security audits shall be conducted at least annually.
- Risk assessments must be carried out prior to operations, including before any change that may impact security.
- External data processors must agree to follow and report on compliance with regulations.
- Access control appears to be granted based on the purpose of access. It seems to be up to each organization to create the purposes or roles. (RBAC?)
References
- See the wiki page CARIN App Registration for details on one use case for the CARIN code of conduct.