Minimum Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each Participant Member shall be required to: (i) maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identify and protect against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitor compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the Participant Member shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each Participant Member further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each Participant Member shall be required to implement the following minimum security requirements described below.
Appears in 2 contracts
Samples: www.healthit.gov, www.healthit.gov
Minimum Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each Participant Member shall be required to: (i) maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identify and protect against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitor compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the Participant Member shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each Participant Member further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each Participant Member shall be required to implement the following minimum security requirements described below.
Appears in 2 contracts
Samples: www.healthit.gov, www.healthit.gov