Find information related to security reviews, shared responsibility, definitions of roles, vendor expectations, and more.
This document contains links to the MUHC Information Security Office documents regarding risk management of third-party solutions and systems.
The purpose of this document is to provide an overview of MUHC’s requirements for the Information System Activity Review implementation specification of the HIPAA Security Rule.
This document outlines roles, responsibilities, and processes for managing access to department-managed cloud applications, ensuring compliance with HIPAA Security Rule requirements for protecting electronic protected health information (ePHI).
The MUHC Information Security Triage Form contains the basic information needed from the business owner to initiate an information security review. Through and specific responses help facilitate a more efficient review. This includes the specific scope for the implementation plan (devices, connections, integrations, applicable use cases, data, model of medical devices, etc.).
The purpose of this document is to provide a screen process for the following:
Like-for-Like replacement or additional purchases of medical equipment.
Solutions (software, application, service) renewals.
Adding new functionality or modules within an existing solution.