Compliance Review Checklist

Project Name
Technical Contact
Project Owner
Date
Upon completion of the checklist, save a copy for future reference and e-mail it to the UNMC Security
Officer: swelna@unmc.edu. She may request a brief meeting to review.
Requirement
Response
I. Proposal Description:
A.

II. Who, What, Where, When, Purpose:
Nature of the Information
A. What information will the system / application process, store or transmit?
B. Will protected health information (PHI) be used? Examples include unique identifiers such as Patient name, medical record/registration number, SS#, demographic information, all dates, etc. (
C. Will PHI be de-identified? If no, state that PHI will be stored within the native system with all identifiers. If yes, 18 individual identifiers must be removed.
D. Will the system / application process other confidential information? Examples: financial data, research results, employee information, credit card data, etc.
E. How will access to the system / application be granted? (What user ID / password will be utilized when on campus)
F. Who will be the information custodian?
G. Will the system/application process, store or transmit Credit Cards?

III. Work Process and Environment
A. Give examples of how this system / application will be used.
B. Who will be using the system / application?
C. Will a third party be utilizing this system to perform services on our behalf?
D. Diagram the flow of information between systems and attach to this document.
E. Will data be leaving the UNMC environment? Examples: direct submissions to benchmarking databases, compliance organizations, etc.
F. If data will be leaving the UNMC environment, who will receive the data and for what purposes will they use it?
G. If data will be leaving the UNMC environment, will the data be further disseminated to other parties? If so, explain for what purposes the data will be used.
H. Do you intend to utilize wireless with this project? If so, please describe the use. Document if the application is capable of being accessed by a wireless device, not only if you intend to use or not use wireless technology.

IV. Remote Access
A. Will the system / application be available from the Internet?
B. Who will access the data remotely from the Internet? For what purpose?
Form Date: 06/18/2013