Healthcare Security – Lists
List Name | List Description | Type | List ID |
|---|---|---|---|
HSS: Parent Entities | This list contains all Parent Entities associated with HIPAA, HITECH, and PI. | Entity | -2503 |
HSS: Physical Access Systems | This list is designated for all entities that fall under this category. (HIPAA) | Entity | -2504 |
HSS: Data Storage Systems | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2505 |
HSS: Network Devices | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2506 |
HSS: Workstations | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2507 |
HSS: Production Servers | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2508 |
HSS: Remote Access Systems | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2509 |
HSS: Security Systems | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2510 |
HSS: Test Systems | This list is designated for all entities that fall under the specified category. (HIPAA) | Entity | -2511 |
HSS: Covered Entity IPs | All known IP addresses that are associated with covered entities should be added to this list. (HITECH) | Host | -2512 |
HSS: Threat IPs | This list contains lists from the Threat Intelligence Service Module, and should be used to black list other threatening host IPs. (HITECH) | Host | -2513 |
HSS: Certified EHR Technologies | All in-scope systems that qualify as official certified EHR technologies (PI) | Log Source | -2514 |
HSS: File Integrity Monitoring Systems | Systems that generate file integrity monitoring logs should populate this list. (HITECH) | Log Source | -2515 |
HSS: Systems Containing ePHI | All systems containing any level of ePHI belong in this list. (HITECH) | Log Source | -2516 |
HSS: All Network and System Access Log Sources | All systems that log network traffic, including but not limited to firewalls, proxy systems, routers, switches, VPN access points, Active Directory and other related systems belong in this list. (HITECH) | Log Source | -2517 |
HSS: ePHI Associated Applications | Applications associated with ePHI and EHR belong in this list. (M/H/H) | Application | -2518 |
HSS: Primary Eligible Professionals | This list is for signed and designated eligible professionals who write MORE than 100 prescriptions per reporting period. (PI) | User | -2519 |
HSS: Secondary Eligible Professionals | This list is for signed and designated eligible professionals who write LESS than 100 prescriptions per reporting period. (PI) | User | -2520 |
HSS: Business Associates | Business associate, vendor accounts should be listed here. (HITECH) | User | -2521 |
HSS: Test Accounts | Any account utilized for testing purposes belongs here. (HITECH) | User | -2522 |
HSS: Privileged Accounts | Populate this list with privileged accounts, especially accounts that have access to ePHI data. (H/H) | User | -2523 |
HSS: Terminated Accounts | Accounts that have been disabled or terminated should be added to this list. (H/H) | User | -2524 |
HSS: Role Based Accounts | Role based accounts are to be utilized only with the access of an associated unique identifier. Add role based accounts to this list. (H/H) | User | -2525 |
HSS: Web Access Accounts | Accounts used for website access belong in this list. (H/H) | User | -2526 |
HSS: DMZ Networks | This is designated for DMZ networks. | Network | -2527 |
HSS: Internal Networks | Internal non-DMZ networks belong here. | Network | -2528 |
HSS: Wireless Networks | Wireless networks should be added here. | Network | -2529 |
HSS: Protected Networks | List protected ePHI networks here. | Network | -2530 |
HSS: Testing Networks | Test network environments should be added here. | Network | -2531 |