URAC HS 10 -- v. 1.1 revision


In upgrading its HIPAA Security standards from v. 1.0 to v. 1.1, URAC has amended its training standard, HS 10, to extend its requirement of training on security reminders and security updates to Business Associate applicants. In v. 1.0, all of the subsections of this mandatory standard on security awareness and training applied only to Covered Entity applicants.

The language of the standard remains the same:

Security Awareness and Training (Required) – The organization implements a security awareness and training program for all members of its workforce (including management). The organization’s policies and procedures address:

(a) Security reminders (Addressable). Periodic security updates; (Applicable to Covered Entities and Business Associates)

(b) Protection from malicious software (Addressable). Procedures for guarding against, detecting and reporting malicious software; (Applicable to Covered Entities only)

(c) Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies; and (Applicable to Covered Entities only)

(d) Password management (Addressable). Procedures for creating, changing and safeguarding passwords. (Applicable to Covered Entities only)