Scope of the Assessment - Description on Access
Description of how the Systems are Accessed by all parties should be a separate column and not embedded in the Description portion. It is not intuitive that Access is part of the Description. Access is a separate attribute and should be treated as such.
2 votes -
Business Associate Domain 19
Can there be an additional risk factor question for business associates that asks whether they have any responsibility for handling ePHI/PHI requests from end users/consumers (e.g. disclosures, restrictions in writing)?
Domain 19 has many requirements that are focused on covered entities, and if a BA can confirm they would never be involved in the handling of ePHI requests from end users/consumers I think it would remove several requirements that wind up being N/A and would provide clarity during QA.
5 votes -
Change sort order of presets to align with assurance levels
Change the left-to-right sort order of assessment presets to align with assurance provided... r2 should be left, i1 center, e1 right.
1 vote -
Allow select-all for Facilities in Platforms/Systems table
When selecting the facilities where a platform/system is running, have the option to select all facilities rather than needing to go one-by-one.
2 votes -
Applications & Databases are mandatory fields in the Platforms/Systems table, mark them as such when the table is being filled out.
When completing the Platforms/Systems table, some fields are marked mandatory. The Applications & Databases fields are not. However, HITRUST QA requires something to be included here. Please mark these fields as mandatory up front to minimize these QA tasks/findings.
2 votes -
Organize compliance factors by type
It would be helpful to organize the various authoritative sources on the factors page by type, similar to how the sources are organized in Microsoft's Trust Center. See pic for their example.
2 votes -
Data Clean Up
Remove access to previous subscriber's data if non-renewal
4 votes -
Suggestive Factor Changes
MyCSF should have a mechanism to suggest scoping factor changes based upon a pattern of Not Applicables applied when responding to the Assessment
5 votes -
Separate discretionary factors from mandatory factors
I'd like to see the scoping factors that are optional / discretionary (namely the regulatory factors) clearly labeled as such, or even moved into their own page containing a disclaimer that they are optional. For the rest of the factors (which MUST be accurate), I'd like to see them clearly labeled as such or on their own page with a tagline describing that they must be accurately entered.
33 votes -
[BL] Information button for Administrative Details and Factors tab
When a customer is selecting and inputting data in the Administrative Details and Factors tab, have the information button for each question like in 1.0 - definition for each org type question and reg factor
2 votes -
[BL] Allow Assessors to Generate Assessments in Preview State
Give the Assessor Organizations the ability to populate Assessments with Library Versions that are either in the state of "Published" or "Preview"
1 vote