Warning: Attempt to read property "post_content" on null in /home/customer/www/lifesupport247.com/public_html/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/class-dynamic-assets.php on line 2078
MedStack Human Resource Security - Mental Health Check

MedStack Technology Compliance Policies

Human resource security

Screen employees prior to hiring

  • Responsible party: Hiring manager
  • Clearance
    • Check three professional references
    • Perform a criminal record check
    • Document into a clearance file
  • Purpose
    • Ensure that persons with serious criminal records or histories of financial or legal difficulties do not have inappropriate access to PHI.
HIPAA164.308(a)(3)(ii)(B)Workforce clearance procedure
CHISR13Verifying the identity of users
SOC2CC1.4COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

Workforce contracts

  • Include language in workforce contracts regarding
    • responsibilities for information security
    • that they are responsible for following these policies and procedures
    • termination of access and return of assets
ISOA.7.1.2Terms and conditions of employment
CHISR11Addressing user responsiblities in job descriptions
CHISR12Addressing user responsibillities in Terms of Employment
SOC2CC2.2COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.

Authorize minimum necessary access to PHI

  • Authorize the appropriate level of access to PHI to all members of the workforce.
  • Base authorization on the nature and duties of the employee’s job.
  • Immediately modify authorization when the nature of their job changes and requires a different level of access, whether greater or lesser.
HIPAA164.308(a)(3)(ii)(A)Workforce security

Terminate employee authorization

  • when their employment relationship with our organization ends
  • when the employee has been sanctioned, as appropriate
  • immediately (with no more than one hour delay) upon the occurrence of a triggering event
ISOA.7.3.1Termination or change of employment responsibilities
HIPAA164.308(a)(3)(ii)(C)Termination procedures

Upon termination, require return of all physical assets

ISOA.8.1.4Return of assets


  • Responsible party: All managers and supervisors
  • sanctions: standard


ISOA.7Human resource security
ISOA.7.1Prior to employment
ISOA.7.3Termination and change of employment
HIPAA164.308(a)(3)Workforce security
SOC2CC2.3COSO Principle 15: The entity communicates with external parties regarding matters affecting the functioning of internal control.
SOC2CC8.1The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.
SOC2CC9.2The entity assesses and manages risks associated with vendors and business partners.

Mental Health Check

Life Support Mental Health Inc. @ 2024

All Rights Reserved

Mental Health Check | Life Support Mental Health Inc. © 2024 | All Rights Reserved