Difference between revisions of "Healthcare Code of Conduct"

From MgmtWiki

Revision as of 17:29, 2 August 2021

Full Title or Meme

In Healthcare Identity Management a Code of Conduct applies to those software elements that handle the Patient Health Information.

Context


Examples

CARIN

Norwegian

  • There are two categories: large and small organizations.
  • There is a series of fact sheets covering the topics below. All of them include something that looks like assessment criteria.
    • The actors in a healthcare covered entity.
    • There shall be a security management system wherever PHI is present.
    • Procedures must be in place before processing PHI.
    • Security audits shall be conducted at least annually.
    • Risk assessments must be carried out prior to operations, including for any change that may impact security.
    • External data processors must agree to follow, and report on compliance with, the regulations.
    • Access control appears to be granted based on the purpose of access. It seems to be up to each organization to define the purposes or roles. (RBAC?)
    • Incident registration and follow-up shall be in place before PHI is collected, and the patient shall have access to it. Notice does not appear to be required.
    • Message communications are subject to national standards, which might be HL7 formats; this is not clear. The standard is called ebXML (which goes back to ANSI X12 EDI) and it uses a national ID.

References