Article Figures & Data
Tables
Administrative Routine risk analysis of systems and personnel involved in their processes Security personnel and a designated security officer Implementation of policies and procedures for authorizing role-based access to information Authorization, training, and supervision of workforce members, and application of appropriate sanctions should those procedures be violated Periodic assessment and evaluation of meeting of standards Physical Limited and differentiated facility access and control Development of policies and procedures regarding workstation and device security, including transfer, removal, disposal, and reuse of electronic media containing e-PHI Technical Development of policies and procedures to control access to e-PHI, and to ensure the integrity of e-PHIs Implementation of hardware, software, and/or procedural mechanisms to record and examine activities of e-PHI Implementation of technical security measures that guard against unauthorized access to e-PHI while being transmitted over an electronic network Names All geographic subdivisions smaller than a state (street address, city, county, precinct, Zip code, and their equivalent geocodes, with some exceptions) All elements of dates (except year) for dates directly related to an individual (birth date, admission date, discharge date, date of death) Telephone numbers Fax numbers Electronic mail addresses Social security numbers Medical record numbers Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers, including license plate numbers Device identifiers and serial numbers Web universal resource locator (URLs) Internet Protocol (IP) address numbers Biometric identifiers, including finger and voice prints Full-face photographic images and any comparable images Any other unique identifying number, characteristic, or code
