Minimum EHI Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each QHIN shall be required to comply with the HIPAA Rules as if they applied to EHI including but not limited to: (i) maintaining reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identifying and protecting against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitoring compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the QHIN shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each QHIN further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each QHIN shall be required to implement the following minimum security requirements described below.
Appears in 2 contracts
Sources: Trusted Exchange Framework and Common Agreement (Tefca), Common Agreement