CalOHI Security Policy Memoranda Quick Links
2007-16: HIPAA Security Glossary
2006-77-Revised: Revised Security Incident Reporting
2006-77: Security Incident Reporting
2005-75: Integrity
2005-74: Requirements for Group Health Plans
2005-73: Audit Controls
2005-71: Encryption
2005-70: Evaluation
2005-69: Workforce Security
2005-68: Access Administration
2005-67: Access Controls
2005-66: Workstation Use & Workstation Security
2005-65: Information Access Management
2005-64: Security Incident Procedures
2005-63: Facility Access Controls
2005-62: Contingency Plan
2005-61: Security Management Training
2005-60: Device and Media Controls
2005-59: Assigning Security Responsibility
2005-58: HIPAA Security Sanction Policy
2005-57: HIPAA Security Training
2005-56-S: Security Management Process Tools - Supplement
2005-56: Security Management Process
2005-55: HIPAA Security Implementation Project Assessment
2005-54: HIPAA Security Rule Organizational Requirements
2004-43: HIPAA Security Rule Implementation
2004-40: HIPAA Implementation Schedules for the Employer Identifier Number (EIN), Security, and National Provider Identifier (NPI) Rules
CalOHI Policy Memoranda
IM 2007-16 (Issue Date:7/9/07)
HIPAA Glossary (DOC-110K)
Exhibit 1: Security Glossary (DOC-2M)
Exhibit 2: EIN Glossary (110K)
PM 2006-77-Revised (Issue Date:12-7-06)
Revised Security Incident Reporting (DOC-114K)
Exhibit 1 - Incident Reporting Form (DOC-254K)
2006-77 (Issue Date: 4-3-06)
Security Incident Reporting (DOC-108K)
HIPAA Supplemental Security Incident Report Form (DOC-250K)
Background Document (DOC-199K)
2005-75 (Issue Date: 10-28-05)
Integrity (DOC- 135K)
Download all 2005-75 Documents (ZIP - 2M)
Exhibit 1: Chapter 16, Integrity (DOC - 2M)
Exhibit 2: Factors for Selecting Integrity Safeguards (DOC - 125K)
Exhibit 3: Electronic Protected Health Information Integrity Controls (DOC - 73K)
Exhibit 4: Integrity Scope Checklist (DOC - 71K)
2005-74 (Issue Date: 7-22-05)
Requirements for Group Health Plans (136K - DOC)
Exhibit 1: Chapter 22, Requirements for Group Health Plans (342K - DOC)
Exhibit 2: Requirement for Group Health Plans Background Document (130K - DOC)
2005-73 (Issue Date: 7-19-05)
Audit Controls (137K - DOC)
Exhibit 1: Chapter 15, Audit Controls (700K - DOC)
Exhibit 2: Electronic Protected Health Information Audit Controls Checklist (80K - DOC)
Exhibit 3: Audit Controls Background Documents (128K - DOC)
2005-71 (Issue Date: 7-12-05)
Encryption (168K - DOC)
Download All 2005-71 Documents (1.2M - ZIP)
Exhibit 1, Chapter 20, Encryption (1.5MB - DOC)
Exhibit 2, Encryption and Decryption Definitions (145K - DOC)
Exhibit 3, Electronic Protected Health Information Encryption Survey Form (149K - DOC)
Exhibit 4, Sample Encryption Policy (68K - DOC)
Exhibit 5, Encryption Decision Tool (74K - DOC)
Exhibit 6, Background Document (122K - DOC)
2005-70 (Issue Date: 6-21-05)
Evaluation (205K - DOC)
Exhibit 1, Chapters 19: Evaluation (369K - DOC)
Exhibit 2, HIPAA Security Evaluation (192K - DOC)
Exhibit 3, Evaluation Background Document (111K - DOC)
2005-69 (Issue Date: 6-13-05)
Workforce Security (133K - DOC)
Exhibit 1: Chapter 5, Workforce Security (746K - DOC)
Exhibit 2: Sample Nondisclosure Agreement (62K - DOC)
Exhibit 3: Sample Workforce Clearance Procedure (92K - DOC)
Exhibit 4: Workforce Security Background Document (124K - DOC)
2005-68 (Issue Date: 6-13-05)
Access Administration (137K - DOC)
Exhibit 1: Chapter 17, Access Administration (985K - DOC)
Exhibit 2: Staff Authorization and/or Supervision Tool (61K - DOC)
Exhibit 3: Access Administration Background Document (130K - DOC)
2005-67 (Issue Date: 6-13-05)
Access Controls (166K - DOC)
Exhibit 1: Chapter 14, Access Controls (533K - DOC)
Exhibit 2: Request for Information System Access (79K - DOC)
Exhibit 3: Access Controls Background Document (85K - DOC)
2005-66(Issue Date: 5-12-05)
Workstation Use & Workstation Security (191K - DOC)
Exhibit 1: Chapter 6, Workstation Use, and Chapter 7, Workstation Security (608K - DOC)
Exhibit 2: Workstation Inventory (62K - DOC)
Exhibit 3: Access Authorization Form (62K - DOC)
Exhibit 4: Workstation Use & Security Background Document (106K - DOC)
2005-65 (Issue Date: 4-22-05)
HIPAA Security Rule - Information Access Management (114K - DOC)
Exhibit 1: Chapter 8, Information Access Management (504K - DOC)
Exhibit 2: Master Access Record (65K - DOC)
Exhibit 3: Chapter 8, Information Access Management Background Document (131K - DOC)
2005-64 (Issue Date: 4-14-05)
HIPAA Security Rule - Security Incident Procedures (132K - DOC)
Exhibit 1: Chapter 9, Security Incident Procedures (430K - DOC)
Exhibit 2: Security Incident Report Form (97K - DOC)
Exhibit 3: Chapter 9, Security Incident Procedures Background Document (211K - DOC)
2005-63 (Issue Date: 4-14-05)
Facility Access Controls (137K - DOC)
Exhibit 1: Chapter 12, Facility Access Controls (719K - DOC)
Exhibit 2: Visitors Log (68K - DOC)
Exhibit 3: Facility Maintenance Record (94K - DOC)
Exhibit 4: Facility Access Controls Background Document (139K - DOC)
2005-62 (Issue Date: 4-13-05)
HIPAA Security Rule - Contingency Plan (193K - DOC)
Download All 2005-62 Documents (1.5M - ZIP)
Exhibit 1: Chapter 11, Contingency Plan (1M - DOC)
Exhibit 2: Appendix to Chapter 11, Contingency Plan (500K - DOC)
Exhibit 3: Chapter 11, Contingency Plan Glossary (345K - DOC)
Exhibit 4: Responsibilities of the Operations Recovery Management Teams (250K - DOC)
Exhibit 5: Recovery Team Leaders and Alternates Roster (120K - DOC)
Exhibit 6: Recovery Team Members Rosters (67K - DOC)
Exhibit 7: Vendor Contact Form (121K - DOC)
Exhibit 8: Operation Recovery Management Checklist (77K - DOC)
Exhibit 9: Damage Assessment Checklist (149K - DOC)
Exhibit 10: Physical Security Checklist (110K - DOC)
Exhibit 11: Communications Checklist (66K - DOC)
Exhibit 12: Hardware Installation Checklist (119K - DOC)
Exhibit 13: IT Operations Team Checklist (85K - DOC)
Exhibit 14: IT Technical Team Checklist (64K - DOC)
Exhibit 15: Administration Checklist (72K - DOC)
Exhibit 16: Disaster Procedures Form (73K - DOC)
Exhibit 17: Alternate Site Cost Considerations Template (70K - DOC)
Exhibit 18: Contingency Planning Tools (61K - DOC)
Exhibit 19: Chapter 11, Contingency Plan Background Documents(354K - DOC)
2005-61 (Issue Date: 3-24-05)
Security Management Training (109K - DOC)
Download all 2005-61 Documents (3.1m - ZIP)
Exhibit 1: Security Management Presentation (2M - PPT)
Exhibit 2: Presentation Agenda (328K - DOC)
Exhibit 3: Risk Analysis Team, Exercise #1 (645K - DOC)
Exhibit 4: Risk Analysis Business Scenario, Exercise #2 (263K - DOC)
Exhibit 5: Risk Management Team, Exercise #3 (658K - DOC)
Exhibit 6: Risk Management Business Scenario, Exercise #4 (311K - DOC)
Exhibit 7: Business Scenario Impact/Cost Sheet for Exercise #4 (101K - DOC)
Exhibit 8: Facilitator's Guide (437K - DOC)
Exhibit 9: Resources and Links (52K - DOC)
2005-60 (Issue Date 3-4-05)
Device and Media Controls (103K - DOC)
Exhibit 1: Chapter 13 - Device and Media Controls (336K - DOC)
Exhibit 2: Inventory and Tracking Sheet (97K - DOC)
Exhibit 3: Device Media Tracking Sheet (89K - DOC)
Exhibit 4: Background Document (119K - DOC)
2005-59 (Issue Date: 2-25-05)
Assigning Security Responsibility (108K - DOC)
Exhibit 1: Chapter 3 - Assigning Security Responsibility (669K - DOC)
Exhibit 2: HIPAA Security Official Roles and Responsibilities (62K - DOC)
Exhibit 3: Background Document (108K - DOC)
2005-58 (Issue Date: 2-14-05)
HIPAA Security Sanction Policy (169K - DOC)
Exhibit 1: Chapter 23, Sanction Policy (421K - DOC)
Exhibit 2: Sample Security and Confidentiality Acknowledgement Form (53K - DOC)
Exhibit 3: Background Document (123K - DOC)
2005-57 (Issue Date: 2-11-05)
HIPAA Security Training (134K - DOC)
Download all 2005-57 Documents (2.1m - ZIP)
Exhibit 1: Chapter 18 - Security Awareness and Training (445K - DOC)
Exhibit 2: Sample Security and Confidentiality Acknowledgement (55K - DOC)
Exhibit 3: Security Awareness Training PowerPoint Presentation (2M - PPT)
Exhibit 4: NIST-Based HIPAA Security Training Matrix (89K - XLS)
Exhibit 5: Security Awareness and Training Program User's Guide (455K - DOC)
Exhibit 6: Security Awareness Brochure (42K - DOC)
Exhibit 7: Background Document (106K - DOC)
2005-56-S(Issue Date: 2-18-05)
Security Management Process Tools - Supplement (118K - DOC)
Exhibit 14: Risk Determination Matrix (77K - DOC)
Exhibit 15: Security Control Evaluation FOrm (DOC - 61K)
Exhibit 16: Cost/Benefit Analysis Form (69K - XLS)
Exhibit 17: Cost Implementation Plan Tracking (60K - DOC)
Exhibit 18: Address Residual Risk Form (60K - DOC)
2005-56 (Issue Date: 2-10-05)
HIPAA Security Rule - Security Management Process (154K - DOC)
Download all 2005-56 Documents (2M - ZIP)
Exhibit 1: Chapter 4 - Security Management Process (1M - DOC)
Exhibit 2: Chapter 4 Appendix - Security Controls and Control Review Tools (665K - DOC)
Exhibit 3: Sample Risk Analysis Summary Tool (135K - DOC)
Exhibit 4: System Characterization (94K - DOC)
Exhibit 5: Threat Identification (88K - DOC)
Exhibit 6: Vulnerability Identification (90K - DOC)
Exhibit 7: Security Control Gap Analysis (106K - DOC)
Exhibit 8: Sample Completed Risk Analysis Tool (134K - DOC)
Exhibit 9: Sample Risk Management Summary Tool (58K - DOC)
Exhibit 10: Control Rating Form (94K - DOC)
Exhibit 11: Control Review Tracking Form (78K - DOC)
Exhibit 12: Security Management Process Terms and Definitions (94K - DOC)
Exhibit 13: Background Document (305K - DOC)
Exhibit 14: Risk Determination Matrix (77K - DOC)
Exhibit 15: Security Control Evaluation FOrm (61K - DOC)
Exhibit 16: Cost/Benefit Analysis Form (69K - XLS)
Exhibit 17: Cost Implementation Plan Tracking (60K - DOC)
Exhibit 18: Address Residual Risk Form (60K - DOC)
2005-55 (Issue Date: 1-7-05)
HIPAA Security Implementation Project Assessment (141K - DOC)
Exhibit 1- Instructions - Security Implementation Assessment (222K - DOC)
Exhibits 2-5 - Possible Assignments, HIPAA Crosswalk to ISO Resources, HIPAA Crosswalk to NIST Resources (272K - XLS)
2005-54 (Issue Date: 1-4-05)
HIPAA Security Rule Organizational Requirements (146K - DOC)
Exhibit 1 - HIPAA Security Rule Work Plan (112K - DOC)
Exhibit 2 - Chapter 21, Organizational Requirements - Policies and Procedures, and Documentation (282K - DOC)
Exhibit 3 - Matrix of Standards and Implementation Specification Solutions List (104K - XLS)
Exhibit 4 - Policies and Procedures, and Documentation Background Document (194K - DOC)
2004-43 (Issue Date:5-7-04)
Download all 2004-43 Documents (588K - ZIP)
HIPAA Security Rule Implementation (141K - DOC)
Exhibit 1: Security Implementation Workplan (101K - DOC)
Exhibit 2: Summary of the Final Rule (116K - DOC)
Exhibit 3: Guidelines for Security Tools/Templates Use - Mapping the Flow of EPHI and Gap Analysis of Business Practices (91K - DOC)
Exhibit 3A: HIPAA Security Questionnaire (120K - DOC)
Exhibit 3B: Data Flow Questionnaire on EPHI (96K - DOC)
Exhibit 3C: Overview of EPHI Flow Within An Organization (57K - XLS)
Exhibit 3D: Gap Analysis of HIPAA Security Business PracticesExhibit 3E: Business Associate Agreement Gap Analysis (107K - XLS)
Exhibit 4: Baseline Security Requirements (119K - DOC)
2004-40 (Issue Date:3-22-04)
HIPAA Implementation Schedules for the Employer Identifier Number (EIN), Security, and National Provider Identifier (NPI) Rules (113 - DOC)
Exhibit 1: HIPAA Employer Identification Number (EIN) Implementation Schedule (62K - XLS)
Exhibit 2: HIPAA Security Implementation Schedule (71K - XLS)
Exhibit 3: HIPAA National Provider Identifier (NPI) Implementation Schedule (63K - XLS)