Menu

VITL Information Security Policies

Patient Consent

Policy Purpose Link
Patient Consent To establish requirements for patient consent to view data on the Vermont Health Information Exchange. This policy is established by the state of Vermont and implemented by VITL. (Adopted by Green Mountain Care Board March 13, 2014) Vermont Patient Consent Policy

 

Privacy, Security and Disaster Recovery

Policy Purpose Link
HIPAA Compliance Policy and Procedures To establish the requirements for the proper handling of Protected Health Information (PHI). InfoSec1 - Information Privacy and Security Management Process
Information System User To ensure the proper use of workstations, devices, and computing facilities by members of the VITL workforce to protect the security of personal or private information, as required by the HIPAA Privacy and Security Rules and other applicable regulations. InfoSec2 - Information System User Policy
Information System Access Control To ensure that all users have only the appropriate access to electronic PHI. InfoSec3 - Information System Access Control
Information Security Incident Response To assure the confidentiality, integrity and availability of Protected Information held by VITL. InfoSec4 - Information Security Incident Response
Secondary Use of Data To establish the conditions, if any, under which protected health information on the VHIE may be used for purposes other than direct patient care. InfoSec6 - Secondary Use of Data
Disaster Recovery To establish a policy with regard to disaster recovery and other emergency situations. SEC008-1 - Disaster Recovery
Security Policy Introduction This set of information security policies is designed to provide the foundation for the information security program and practices necessary to protect the confidential information of Vermont Information Technology Leaders (VITL). SEC010 - Security Policy Introduction
Glossary of Terms A glossary of terms for the VITL information security policies. SEC011 - Glossary of Terms

 

Tag / Keyword: