Minimum Content of the Policies and Procedures. The Policies and Procedures shall include, but shall not be limited to the following: 1. Policies regarding encryption of ePHI. 2. Policies regarding password management. 3. Policies regarding security incident response. 4. Policies regarding mobile device controls. 5. Policies regarding information system review. 6. Policies regarding security reminders. 7. Policies regarding log-in monitoring. 8. Policies regarding a data backup plan. 9. Policies regarding a disaster recovery plan. 10. Policies regarding an emergency mode operation plan. 11. Policies regarding testing and revising of contingency plans. 12. Policies regarding applications and data criticality analysis. 13. Policies regarding automatic log off. 14. Policies regarding audit controls. 15. Policies regarding integrity controls.
Appears in 3 contracts
Sources: Resolution Agreement, Resolution Agreement, Resolution Agreement