Or. Admin. Code § 943-014-0435

Current through Register Vol. 63, No. 12, December 1, 2024
Section 943-014-0435 - Contractor Security Requirements
(1) Contractors must comply with the Security Rule's business associate requirements for electronic protected health information and must comply with both the Privacy Rule and the Security Rule requirements applicable to a business associate.
(2) Contractors must:
(a) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the protected health information and electronic protected health information that it creates, receives, maintains, or transmits on behalf of the Authority.
(b) Develop and enforce policies, procedures, and documentation standards (including designation of a security official) related to the administrative, physical, and technical safeguards that protect electronic protected health information.
(c) When required by OAR 943-014-0415(5), enter into a business associate agreement with any agent or subcontractor to ensure the agent or subcontractor agrees to implement reasonable and appropriate safeguards to protect electronic protected health information the contractor provides.

Or. Admin. Code § 943-014-0435

OHA 1-2013(Temp), f. & cert. ef. 8-23-13 thru 2-18-14; OHA 1-2014, f. 2-12-14, cert. ef. 2-18-14

Stat. Auth.: ORS 413.042

Stats. Implemented: ORS 179.505, 192.553, 192.556 - 192.581, 413.032, 413.042 & 414.065