OAR 943-014-0435
Contractor Security Requirements


(1)

Contractors must comply with the Security Rule’s business associate requirements for electronic protected health information and must comply with both the Privacy Rule and the Security Rule requirements applicable to a business associate.

(2)

Contractors must:

(a)

Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the protected health information and electronic protected health information that it creates, receives, maintains, or transmits on behalf of the Authority.

(b)

Develop and enforce policies, procedures, and documentation standards (including designation of a security official) related to the administrative, physical, and technical safeguards that protect electronic protected health information.

(c)

When required by OAR 943-014-0415 (General Business Associate Requirements)(5), enter into a business associate agreement with any agent or subcontractor to ensure the agent or subcontractor agrees to implement reasonable and appropriate safeguards to protect electronic protected health information the contractor provides.

Source: Rule 943-014-0435 — Contractor Security Requirements, https://secure.­sos.­state.­or.­us/oard/view.­action?ruleNumber=943-014-0435.

Last Updated

Jun. 8, 2021

Rule 943-014-0435’s source at or​.us