Summary of HIPAA Procedures

Summary of HIPAA Administrative Procedures

  • Security certification: Independent mechanisms for security compliance
  • Chain of trust: Agreements establishing equal security and integrity protection between trading partners
  • Contingency plan: Covers standard business continuity plans
  • Processing records mechanism: Describes how information is manipulated
  • Information access control: Describes access authorization, establishment, and modification
  • Internal audit: Establishes how an organization will internally monitor compliance on a regular basis
  • Personnel security: Creates processes for ensuring that personnel are screened and trained
  • Security configuration management: Covers configuration procedures for hardware and software, as well as security testing and virus checking
  • Security incident and management: Refers to risk analysis, risk management, procedures, and relevant security policies
  • Termination procedures: Procedures regarding termination of resources
  • Training: User education and awareness on a range of security issues

Summary of HIPAA Physical Safeguards

  • Security role: Assignment of the security role to a particular organization or individual
  • Media controls: Protection of storage media used, for example, in backups
  • Physical access controls: Physical controls for access to information systems
  • Guidelines on workstation use: Guidelines on the end user's role in security management
  • Training: Security awareness training for end users

Summary of HIPAA Technical Security Services

  • Access control: Covers various types of role-, user-, and context-based access; treats encryption as optional
  • Audit controls: Mechanisms to log and record electronic activity to create audit trails
  • Authorization controls: Provide for user- and role-based access
  • Data authentication: Refers to message integrity; mentions digital signatures as a solution to maintain message integrity
  • Entity authentication: Includes PINs, tokens, and biometric devices for end-entity authentication
