POLICY # 51
INTEGRITY CONTROLS
ADMINISTRATIVE MANUAL
APPROVED BY:
SUPERSEDES POLICY:
DATE:
ADOPTED:
REVISED:
REVIEWED:
REVIEW:
PAGE:
HIPAA Security Rule Language:
“Implement security measures to ensure that electronically transmitted
EPHI is not improperly modified without detection until disposed of.”
Policy Summary:
When risk analysis indicates it is necessary, appropriate integrity controls
must be used to protect the confidentiality, integrity, and availability of
Sindecuse Health Center (SHC) data transmitted over electronic
communications networks. SHC’s integrity controls must ensure that the
value and state of all transmitted data is maintained and the data is
protected from unauthorized modification. All such integrity controls
must be approved by SHC’s Information Security Office.
Purpose:
This policy reflects SHC’s commitment to use appropriate integrity
controls to protect the confidentiality, integrity, and availability of SHC
data transmitted over electronic communications networks.
Policy:
1. When risk analysis indicates it is necessary, appropriate integrity
controls must be used to protect the confidentiality, integrity and
availability of SHC data transmitted over electronic communications
networks.
2. At a minimum, SHC’s risk analysis must consider the following
factors when determining whether or not integrity controls must be used
when sending specific data over an electronic communications network:
• The sensitivity of the data
• The risks to the data
• The expected impact to SHC functionality and work flow if the
data are sent with integrity controls
• The ability of the recipient of the data to check the integrity of
the data that were sent
3. Integrity controls must always be used when highly sensitive SHC
data such as passwords are transmitted over electronic communications
networks.
4. SHC’s integrity controls must ensure that the value and state of all
transmitted data is maintained and the data is protected from
unauthorized modification. Such controls include but are not limited to:
• Checksums
• Message authentication codes
• Hash values
5. All integrity controls used to protect the confidentiality, integrity and
availability of SHC data transmitted over an electronic communications
network must be approved by SHC’s information security office.
Scope/Applicability:
This policy is applicable to all departments that use or disclose electronic
protected health information for any purposes.
This policy’s scope includes all electronic protected health information,
as described in Definitions below.
Regulatory Category:
Technical Safeguards
Regulatory Type:
ADDRESSABLE Implementation Specification for Transmission
Security Standard
Regulatory Reference:
45 CFR 164.312(e)(2)(i)
Definitions:
Availability means the property that data or information is accessible and
useable upon demand by an authorized person.
Confidentiality means the property that data or information is not made
available or disclosed to unauthorized persons or processes.
Integrity means the property that data or information have not been
altered or destroyed in an unauthorized manner.
Electronic communications network means any series of nodes
interconnected by communication paths that is outside the SHC network
(e.g., the Internet). Such networks may interconnect with other networks
or contain sub networks.
Checksum means a count of the number of bits in a transmission unit that
is included with the unit so that the receiver can check to see whether the
same number of bits arrived. If the counts match, it's assumed that the
complete transmission was received. This number can be regularly
verified to ensure that the data has not been improperly altered.
Message authentication code means a one-way hash of a message that is
then appended to the message. This is used to verify that the message is
not altered between the time the hash is appended and the time it is
tested.
Hash (or hash value) means a number generated from a string of text. A
sender of data generates a hash of the message, encrypts it, and sends it
with the message itself. The recipient of the data then decrypts both the
message and the hash, produces another hash from the received message,
and compares the two hashes. If they are the same, there is a very high
probability that the message was transmitted intact.
Responsible Department:
Information Systems
Policy Authority/Enforcement:
SHC’s Security Official is responsible for monitoring and enforcement of
this policy, in accordance with Procedure # (TBD).
Related Policies:
Transmission Security
Encryption
Renewal/Review:
This policy is to be reviewed annually to determine if the policy complies
with current HIPAA Security regulations. In the event that significant
related regulatory changes occur, the policy will be reviewed and updated
as needed.
Procedures:
TBD
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only.
All other rights reserved.