-
Main Page
HUBzero Policies Support The best way to get support is to file tickets. HUBzero staff work flexible hours, and so it is possible to get answers at many different times. However, staff is …
http://hubzero.org/topics/MainPage
-
164308 a 1 ii A Risk Analysis
HUBzero will take reasonable steps to identify and prioritize the risks to the confidentiality, integrity, and availability of EPHI due to HUBzero software and its configuration, as well as the …
http://hubzero.org/topics/164308a1iiARiskAnalysis
-
164308 a 7 Contingency Plan
Disaster and emergency recovery strategy Recovery point objectives (RPO) and recovery time objectives (RTO) vary greatly from hub to hub. However, HUBzero does not prioritize the recovery of …
http://hubzero.org/topics/164308a7ContingencyPlan
-
Reporting and notification procedures
The following version of Reporting and Notification Procedures contains private phone numbers. In the event of a disaster, the people to call are: Name Position Office Phone …
http://hubzero.org/topics/164308a7Notification
-
164.310 c Workstation Security
A. HUBzero will place the workstations of privileged users in locked offices to minimize the risk of physical access by unauthorized persons. B. HUBzero workforce members will follow steps …
http://hubzero.org/topics/164310cWorkstationSecurity
-
164310 b Workstation Use
HUBzero web developers and administrators usually have no need to access EPHI information. However, due to their privileged level of access, they need to protect their workstation from unauthorized …
http://hubzero.org/topics/164310bWorkstationUse
-
164.312 c Integrity
1. Standard (Operational Requirements) Verification procedures Developers of applications hosted on HUBzero infrastructure must develop procedures for verifying that controls used to protect the …
http://hubzero.org/topics/164312cIntegrity
-
164312 d Transmission Security
“ Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” 1. …
http://hubzero.org/topics/164312dTransmissionSecurity
-
164312 d Person or Entity Authentication
Purdue has related standards: 1. Authentication and Authorization Policyhttp://www.purdue.edu/policies/pages/information_technology/v_1_2.html 2. User Credentials …
http://hubzero.org/topics/164312dPersonorEntityAuthentication
-
164312 b Audit Control
“Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” System activity …
http://hubzero.org/topics/164312bAuditControl
-
164312 a Access Control
“Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs …
http://hubzero.org/topics/164312aAccessControl
-
164310 d 1 Device and Media Controls
1. Disposal Defaults as Purdue’s policy 2. Media Re-use Defaults as Purdue’s policy 3. Accountability This will be addressed when HUBzero will start storing tapes offsite. 4. Data …
http://hubzero.org/topics/164310d1DeviceandMediaControls
-
164310 a 1 Facility Access Controls
“ Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized …
http://hubzero.org/topics/164310a1FacilityAccessControls
-
164308 a 5 Security Awareness and Training
1. Security Reminders HUBzero will post security reminders near the mailbox in Young Hall, reminding the workforce on the importance of protecting PHI. Every time Purdue will release a quartely …
http://hubzero.org/topics/164308a5SecurityAwarenessandTraining
-
164308 a 3 Workforce Security
Background HUBzero staff that have administrative rights (“privileged access”) to the systems containing EPHI are covered by the following policies. That is because they could modify the …
http://hubzero.org/topics/164308a3WorkforceSecurity
-
Main Page
The following documents support HUBzero’s HIPAA alignment. They describe relevant policies and procedures, and are the primary copies for said policies and procedures. They are meant to be …
http://hubzero.org/topics/MainPage
-
164308 a 1 ii (D) Information System Activity Review
Policy HUBzero will review records of information system activity on a periodic basis. Additional reviews will be done as needed where incidents are reported or suspected. Information gathered from …
http://hubzero.org/topics/164308a1iiDInformationSystemActivityReview
-
164.308 a 1 ii (B) Risk Management
1. Goal HUBzero will implement security measures designed to reduce the risks to EPHI to a reasonable level, provided that applications making use of EPHI restrict themselves to an appropriately …
http://hubzero.org/topics/164308a1iiBRiskManagement
-
164.308 a 4 Information Access Management
Definition Privileged access to HUBzero infrastructure is defined as having “superadmin” access to the administrative interface of a hub, root access to the infrastructure, being a …
http://hubzero.org/topics/164308a4InformationAccessManagement
-
164.316 a Policies and Procedures
1. HUBzero will document its HIPAA-related policies and procedures, or a mapping to regular HUBzero policies and procedures, in the wiki hosted on hubzero.org, in the hubzero_hipaa group. 2. The …
http://hubzero.org/topics/164.316aPoliciesandProcedures