GUAM MEMORIAL HOSPITAL AUTHORITY
POLICY REPOSITORY DATABASE
				Effective	Reviewed/	Endorsed	Rescinded Policy(s)	Next Review/Update
Department/Unit	Responsibility	Policy No.	Policy Title	Date	Revised Date	Date	(Dept./Policy #)	Due Date
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-1	Confidential Information	4/15/2010	3/1/2010	4/15/2010		04/15/2013
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-2	Confidentiality Disclaimer Notice Policy	3/1/2002	12/1/2010	12/1/2010		04/15/2013
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-3	Password Management Policy	12/28/2004	8/1/2009	2/1/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-4	Computer Software Policy	12/28/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-5	Information Security Management Process Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-6	Risk Analysis Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-7	Risk Management Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-8	Sanction Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-9	Information System Activity Review Policy	12/2004	08/2009	08/2009
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-10	Assigned Security Responsibility Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-11	Workforce Authorization/Supervision Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-12	Authorization And/Or Supervision Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-13	Workforce Clearance and Access Authorization Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-14	Workforce Termination Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-15	Information Access Management Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-16	Access Authorization Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-17	Access Establishment and Modification Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-18	Security Awareness and Training Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-19	Security Reminders Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-20	Log-In Monitoring Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-21	Information Security Incident Procedure- Response and Reporting Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-22	Business Associate Contract Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-23	Contingency Plan Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-24	Data Backup Plan Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-25	Disaster Recovery Plan Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-26	Emergency Operations Plan Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-27	Testing and Revision Procedures Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-28	Applications and Data Critically Analysis Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-29	Evaluation Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-31	Facility Access Controls Policy	12/2004	12/1/2010	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-32	Contingency Operations Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-33	Facility Security Plan Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-34	Access Control and Validation Procedures Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-35	Maintenance Records Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-36	Work Station Use Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-37	Workstation Security Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-38	Device and Media Controls Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-39	Disposal Policy	12/2004	12/1/2010	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-40	Media-Re-Use Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-41	Hardware and Electronic Media Accountibility Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-42	Data Backup and Storage Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-43	Access Control Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-44	Unique User Identification Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-45	Emergency Access Procedures Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-46	Automatic Logoff Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-47	Encryption and Decryption Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-48	Audit Control Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-50	Mechanism To Authenticate Electronic Protect Health Information Policy	12/2004	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-51	Person or Entity Authentication Policy	12/2004	01/2011	01/2011
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-52	Transmission Security Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-53	Integrity Controls Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-54	Encryption Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-55	Documentation Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-56	Information Classification Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-57	Network Security Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-58	Email Security Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-59	Wireless Security Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-60	Virtual Private Network (VPN) Security Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-61	Remote Access policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-62	Dial In Access Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-63	Internet and Email Access Policy	12/2004	10/2010	10/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-64	Use of Non-GMHA Computer Equipment and Media at GMHA Information Policy	12/2004	10/2010	10/2010
	Information Technology Department HIPAA Security Officer	6420-65	Data Center Protection/Emergency/Recovery Plan Policy	02/2010	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-66	Maintenance of Computer Software Programs Policy	02/2010	02/2010	02/2010
Information Technology Department	Information Technology Department HIPAA Security Officer	6420-67	General Security; Electronic Protected Health Information (ePHI) Policy	12/2004	02/2010	02/2010