Policies, Agreements, Terms & Conditions
MedStack Technology Compliance Policies
Awareness, training, and reminders
Foster awareness of compliance
- Provide security reminders based on compliance training materials.
- Attend privacy and security conferences.
- Maintain awareness of new and evolving security threats.
| Code | Section | Title |
|---|---|---|
| ISO | A.6.1.4 | Contact with special interest groups |
| HIPAA | 164.308(a)(5)(ii)(A) | Security reminders |
Notify users of their responsibilities
- to protect their credentials (passwords)
- to apply information security in accordance with our policies
| Code | Section | Title |
|---|---|---|
| ISO | A.7.2.1 | Management responsibilities |
Provide compliance training that is clear and complete
- To
- all employees
- When
- during the new employee orientation period
- before access is permitted to production systems
- annually
- Train on
- what is compliance and what compliance frameworks we follow
- third party regulations on health data privacy and security
- our internal information privacy and security policies and procedures
- the duties and responsibilities of specific individuals, workgroups, departments, and divisions
- security basics such as password management, malware protection, social engineering and phishing
- Maintain training records
- including the training done and when it was done
| Code | Section | Title |
|---|---|---|
| ISO | A.7.2.2 | Information security awareness, education and training |
| CHI | SR15 | Training users and raising security awareness |
| SOC2 | CC1.1 | Establishes Standards of Conduct |
| SOC2 | CC1.4 | COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. |
Run simulated tabletop information security incident training
- annually or when the threat environment changes significantly
- for employees with operational PHI access
Third-party resources
- Use recognized independent third-party resources where possible.
Enforcement
- Responsible party: All managers and supervisors
- sanctions: standard
References
| Code | Section | Title |
|---|---|---|
| ISO | A.7.2 | During employment |
| HIPAA | 164.308(a)(5)(ii)(A) | Security awareness and training |
| SOC2 | CC1.4 | COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. |
| SOC2 | CC2.2 | COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. |
| SOC2 | CC1.4 | COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. |
Life Support Mental Health Inc. @ 2023
All Rights Reserved