| NEW GMHA HIPAA SECURITY POLICIES - INDEX | ||||||||
| GMH Policy No. | JCAHO IM Standard Reference No. | Policy Title | 1=Admin 2=Dept 3=Hosp-wide 4=Rules/Regs 5=Bylaws 6=Others | Effective Date | Last Reviewed (mm/yyyy) | Last Revision (mm/yyyy) | Next Review (mm/yyyy) | Approved (mm/yyyy) |
| 6100-29 | 2.20.2126 | EMAIL CONFIDENTIALITY NOTICE/DISCLAIMER | 1 | 03/01/02 | March-02 | N/A | N/A | Aug-02 |
| 6100-30 | 2.20.2126 | CONFIDENTIAL INFORMATION | 1 | 03/01/03 | March-03 | N/A | N/A | Mar-03 |
| 6420-3 | 2.20.2126 | PASSWORD MANAGEMENT POLICY | 1 | 12/28/04 | December-04 | N/A | N/A | Dec-04 |
| 6420-4 | 2.20.2124 | COMPUTER SOFTWARE POLICY | 1 | 12/28/04 | December-04 | N/A | N/A | Dec-04 |
| 6420-5 | 2.20.2126 | SECURITY MANAGEMENT PROCESS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-06 |
| 6420-6 | 2.20.2124 | RISK ANALYSIS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-7 | RISK MANAGEMENT POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-8 | 2.20.2113 | SANCTION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-9 | 2.20.2122 | INFORMATION SYSTEM ACTIVITY REVIEW POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-10 | 2.20.2123 | ASSIGNED SECURITY RESPONSIBILITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-11 | WORKFORCE SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-12 | AUTHORIZATION AND/OR SUPERVISION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-13 | 2.20.2118 | WORKFORCE CLEARANCE PRODEDURE POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-14 | TERMINATION PROCEDURE POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-15 | 2.20.2119 | INFORMATION ACCESS MANAGEMENT POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-16 | 2.20.2120 | ACCESS AUTHORIZATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-17 | ACCESS ESTABLISHMENT AND MODIFICATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-18 | SECURITY AND QWARENESS AND TRAINING POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-19 | SECURITY REMINDERS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-20 | 2.20.2115 | LOG-IN MONITORING POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-21 | 2.20.2116 | SECURITY INCIDENT PROCEDURES POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-22 | 2.20.2125 | RESPONSE AND REPORTING POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-23 | 2.20.2127 | CONTINGENCY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-24 | DATA BACKUP PLAN POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-25 | 2.20.2128 | DISASTER RECOVERY PLAN POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-26 | 2.20.2129 | EMERGENCY MODE OPERATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-27 | 2.30.2203 | TESTING AND REVISIO0N PROCEDURES POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-28 | 2.30.2202 | APPLICATIONS AND DATA CRITICALITY ANALYSIS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-29 | EVALATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-30 | 2.20.2134 | BUSINESS ASSOCIATE CONTRACTS AND OTHER ARRANGEMENT POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-31 | FACILITY ACCESS CONTROLS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-32 | CONTINGENCY OPERATIONS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-33 | FACILITY SECURITY PLAN POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-34 | 2.30.2202 | ACCESS CONTROL AND VALIDATION PROCEDURES POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-35 | MAINTENANCE RECORDS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-36 | WORK STATION USE POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-37 | 2.20.2130 | WORK STATION SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-38 | DEVICE AND MEDIA CONTROLS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-39 | 2.20.2131 | DISPOSAL POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-40 | MEDIA RE-USE POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-41 | ACCOUNTABILITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-42 | DATA BACKUP AND STORAGE POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-43 | ACCESS CONTROL POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-44 | UNIQUE USER IDENTIFICATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-45 | EMERGENCY ACCESS PROCEDURES POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-46 | AUTOMATIC LOG OFF POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-47 | 2.20.2132 | ENCRYPTION AND DECRYPTION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-48 | AUDIT CONTROL POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-49 | 2.20.2135 | INTEGRITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-50 | 2.20.2117 | MECHANISM TO AUTHENTICATE ELECTRONIC PROTECTED HEALTH INFORMATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-51 | PERSON OR ENTITY AUTHENTICATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-52 | 2.20.2133 | TRANSMISSION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 |
| 6420-53 | INTEGRITY CONTROLS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-54 | ENCRYPTION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-55 | DOCUMENTATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-56 | INFORMATION CLASSIFICATION POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-57 | NETWORK SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-58 | EMAIL SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-59 | WIRELESS SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-60 | VNP SECURITY POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-61 | REMOTE ACCESS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-62 | DIAL IN ACCESS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |
| 6420-63 | INTERNET AND EMAIL ACCESS POLICY | 1 | 12/01/04 | January-06 | February-06 | N/A | Feb-08 | |