Integrity Policy

Procedures

1. Policies and procedures to protect ePHI from improper alteration or destruction and to keep ePHI consistent with its source have been created and will be reviewed on an ongoing basis.
2. Team members shall be briefed on these procedures and actions to take when applicable.
3. Electronic mechanisms have been implemented to confirm that ePHI has not been altered or destroyed in an unauthorized manner. Technical controls to use include:
   1. Firewalls;
   2. Encryption;
   3. Password protection and other authentication devices; and
   4. Anti-virus software.
4. The Security Manager or its designated person shall be responsible for maintaining internal controls to protect ePHI from improper alteration or destruction and to keep it consistent with its source.
5. Recommendations regarding the preferred combination of technical solutions, processes, and procedures may be made by any team member. However, it is up to the management team to decide upon implementation or changes.
6. The Security Officer or its designated representative must perform routine monitoring of the systems multiple times throughout the year.
   1. Database integrity - integrity checking and data recovery features which must be built into the database application;
   2. Procedure integrity - based on the level of risk it may be necessary to provide additional reliability in the form of redundant systems, duplicate power supplies, appropriate power conditioning and cooling systems.
7. Regular preventive maintenance must be performed in all systems to protect against alteration or modification.
8. Current systems, or potential systems, must be examined to determine if they can provide tools for protection against intrusion or data alteration without authorization and some form to verify the integrity of the data. If these systems do not have these capabilities the same should be upgraded or replaced.