Specifications include, but are not limited to:

HIPAA Technical Safeguards
  Current Design/Configuration Review
    o Network Architecture Designs Reviews
    o Virtual Infrastructure Security Reviews
    o Server Configuration Reviews
    o Firewall/DMZ and Router Configuration Reviews
    o Malware Defenses Reviews
    o VPN Configuration Reviews
    o Remote Access Security Reviews
    o Auditing and monitoring procedures Reviews
    o Use of encryption devices and tools Reviews
    o Account authorization, provisioning and termination process Reviews
  Assess all applications of NuHealth that access or store ePHI

HIPAA Administrative Safeguards
  Risk analysis procedures and demonstration of a risk management process
  Policies and procedures relevant to operational security, including business associate security requirements
  Information access on Electronic Health Record systems controls and restriction requirements
  Security awareness training program
  Incident response procedures and disaster recovery plan
  Evidence of periodic technical and nontechnical reviews

HIPAA Physical Safeguards
  Physical access controls, such as building access and appropriate record keeping
  Policies and procedures for workstation security
  Proper usage, storage, and disposal of data storage devices

Any appropriate security requirements for organization of similar size in the health care industry.