HIPAA (the Health Insurance Portability and Accountability Act) and HITECH (the Health Information Technology for Economic and Clinical Health Act) have been around for quite some time. Even so, many companies covered by these laws are well behind when it comes to implementation. When you really think about it, even companies not covered by these laws should have the requisite policies and procedures in place.
Access Control Policy
How are users granted access to programs, client data and equipment? This policy also covers how administrators are notified when an account needs to be disabled.
Security Awareness Training
Organizations must ensure regular training of employees regarding security updates and what to be aware of. You must also keep an audit trail of reminders and communications in case you’re audited.
Malicious Software Controls
You must have documented policies for the frequency with which anti-malware and antivirus software are updated and what happens if an infection/outbreak occurs.
Workstation Use Policy
Requiring secure passwords, monitoring logins and limiting unsuccessful logins are just a few of the basics covered. Policies also need to cover basic security best practices such as not allowing passwords to be written down or shared with others.
Disaster Recovery Plan
How you respond to emergency situations (of all shapes and sizes) must be fully documented and tested regularly. A full Disaster Recovery Plan is something our company can help you with.
Media Disposal Policy
How do you dispose of old computer equipment and data? You must have policies and procedures in place that cover exactly how all equipment is properly disposed of and the disposition logged.
Review And Audit Procedures
There’s much more to HIPAA compliance than the items discussed here; however, whatever you do, be certain that it leaves a firm audit trail/log showing that everything has been executed according to plan.
These are just starting points. If you’re subject to HIPAA or just want to make sure that your company is covered by these simple best practices, contact our office and we’ll be happy to review these areas with you.