MU-Security

1. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information.

2. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency.

3. Terminate an electronic session after a predetermined time of inactivity.

4. Encrypt and decrypt electronic health information according to user-defined preferences (e.g., backups, removable media, at log-on/off) in accordance with the standard specified in Table 2B row 1.

5. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in Table 2B row 2.

6. Record actions (e.g., deletion) related to electronic health information in accordance with the standard specified in Table 2B row 3 (i.e., audit log), provide alerts based on user-defined events, and electronically display and print all or a specified set of recorded information upon request or at a set period of time.

7. Verify that electronic health information has not been altered in transit and detect the alter- ation and deletion of electronic health information and audit logs in accordance with the stand- ard specified in Table 2B row 4.

8. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information.

9. Verify that a person or entity seeking access to electronic health information across a net- work is the one claimed and is authorized to access such information in accordance with the standard specified in Table 2B row 5.

10. Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in Table 2B row 6.