§ 3.106 Security requirements.
(a) Application. A PSO must secure patient safety work product in conformance with the security requirements of paragraph (b) of this section. These requirements must be met at all times and at any location at which the PSO, its workforce members, or its contractors receive, access, or handle patient safety work product. Handling patient safety work product includes its processing, development, use, maintenance, storage, removal, disclosure, transmission and destruction.
(b) Security framework. A PSO must have written policies and procedures that address each of the considerations specified in this subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security standards, policies, and procedures that are suitable for the size and complexity of its organization.