Health Insurance Portability and Accountability Act (HIPAA) compliance is vital to your organization. It affects all facets of your business, including your computer systems. HIPAA requirements are outlined in detail in the Federal Register, Part II, Department of Health and Human Services, Office of the Secretary, 45 CFR Parts 160, 162, and 164, Health Insurance Reform: Security Standards; Final Rule. Specific guidelines for the protection of electronic health information, as well as the requirements for computer/electronic security standards, are discussed in 45 CFR 164 Subpart C. Are your computer and electronic systems HIPAA compliant?

- Security Management: Do you have a security management process?
- Assigned Security Responsibility: Is someone assigned security responsibility? Who has administrative access to your servers?
- Security Awareness: Have you and your staff been a part of security awareness training?
- Contingency Plan: Do you have a contingency plan? What happens if your computers or servers are stolen? What happens if you experience total data loss? Are you backing up your data on a nightly basis? Are your backups working? Have you tested the quality of your data backups -- can data actually be restored?
- Workstation Security: Have you implemented workstation security? Are your passwords more than 30 days old? Do you share passwords with others? Do multiple people use the same username and login?
- Access Control / Information Access Management: Does everyone have access to the same information on your network, or is network access based on job function?