Privacy and Security Policies: A HIPAA-HITECH Checklist

Sunday, July 24, 2011

Jack Anderson


Howard Anderson interviewed former HIPAA enforcer Adam Greene, who stated:

"An important component of preparing for a potential HIPAA compliance audit is to complete a 'walk through' to make sure privacy and security policies and procedures are practical and effective."

We have long recommended this informal process, and in fact have supplied a short HIPAA compliance checklist:

HIPAA Compliance Checklist

1. Have you formally designated a person or position as your organization's privacy and security officer?

2. Do you have documented privacy and information security policies and procedures?

3. Have they been reviewed and updated, where appropriate, in the last six months?

4. Have the privacy and information security policies and procedures been communicated to all personnel, and made available for them to review at any time?

5. Do you provide regular training and ongoing awareness communications for information security and privacy for all your workers?

6. Have you done a formal information security risk assessment in the last 12 months?

7. Do you regularly make backups of business information, and have documented disaster recovery and business continuity plans?

8. Do you require all types of sensitive information, including personal information and health information, to be encrypted when it is sent through public networks and when it is stored on mobile computers and mobile storage devices?

9. Do you require information, in all forms, to be disposed of using secure methods?

10. Do you have a documented breach response and notification plan, and a team to support the plan?

It is critical that you make sure your written policies and procedures are the actual business rules by which you run your company. The auditor will compare staff actions with the written policies and procedures to see if they match.

Cross-posted from Compliance Helper
