Back

Establish, implement, and maintain an authorized representatives policy.


CONTROL ID
13798
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a digital identity management program., CC ID: 13713

This Control has the following implementation support Control(s):
  • Include authorized representative life cycle management requirements in the authorized representatives policy., CC ID: 13802
  • Include any necessary restrictions for the authorized representative in the authorized representatives policy., CC ID: 13801
  • Include suspension requirements for authorized representatives in the authorized representatives policy., CC ID: 13800
  • Include the authorized representative's life span in the authorized representatives policy., CC ID: 13799


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Prior to making their systems available on the Union market, where an importer cannot be identified, providers established outside the Union shall, by written mandate, appoint an authorised representative which is established in the Union. (Article 25 1., Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • Implementation specification: Deceased individuals. If under applicable law an executor, administrator, or other person has authority to act on behalf of a deceased individual or of the individual's estate, a covered entity must treat such person as a personal representative under this subchapter, w… (§ 164.502(g)(4), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Implementation specification: Unemancipated minors. If under applicable law a parent, guardian, or other person acting in loco parentis has authority to act on behalf of an individual who is an unemancipated minor in making decisions related to health care, a covered entity must treat such person as… (§ 164.502(g)(3)(i), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Implementation specification: Adults and emancipated minors. If under applicable law a person has authority to act on behalf of an individual who is an adult or an emancipated minor in making decisions related to health care, a covered entity must treat such person as a personal representative under… (§ 164.502(g)(2), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Limited uses and disclosures when the individual is not present. If the individual is not present, or the opportunity to agree or object to the use or disclosure cannot practicably be provided because of the individual's incapacity or an emergency circumstance, the covered entity may, in the exercis… (§ 164.510(b)(3), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • A covered entity may use or disclose protected health information to notify, or assist in the notification of (including identifying or locating), a family member, a personal representative of the individual, or another person responsible for the care of the individual of the individual's location, … (§ 164.510(b)(1)(ii), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual must also be provided. (§ 164.508(c)(1)(vi), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • The CSP SHALL establish written policy and procedures as to how a trusted referee is determined and the lifecycle by which the trusted referee retains their status as a valid referee, to include any restrictions, as well as any revocation and suspension requirements. (5.3.4 2, Digital Identity Guidelines: Enrollment and Identity Proofing, NIST SP 800-63A)
  • In addition to the information and fee described in paragraph (a) of this subsection, a representative who seeks to place a security freeze on a protected consumer's consumer report or protective record shall provide sufficient proof of the representative's authority to act on the protected consumer… (§ 646.606(3)(b)(A), Oregon Revised Statutes, Chapter 646a, Sections 646A.600 thru 646A.624, Identity Theft Protection Act, 2007 Statutes)