Summary of HIPAA Procedures

Summary of HIPAA Administrative Procedures

• Security certification, Independent mechanisms for security compliance
• Chain of trust, Agreements establishing equal security and integrity protection between trading partners
• Contingency plan, Covers standard business continuity plans
• Processing records mechanism, Describes how information is manipulated
• Information access control, Describes access authorization, establishment, and modification
• Internal audit, Establishes how an organization will internally monitor compliance on a regular basis
• Personnel security, Creates processes for ensuring that personnel are screened and trained
• Security configuration management, Covers configuration procedures of hardware and software as well as security testing and virus checking
• Security incident and management, Refers to risk analysis, management, procedures and relevant security policies
• Termination procedures, Procedures regarding termination of resources
• Training, User education and awareness on a range of security issues

Summary of HIPAA Physical Safeguards

• Security Role, Assignment of the security role to particular organization or individual
• Media controls, Protection of storage media used, for example, in backups
• Physical access controls, Physical controls for access to information systems
• Guidelines on workstation use, Guidelines on the end user's role in security management
• Training, Security awareness training for end users.

Summary of HIPAA Technical Security Services

• Access control, Covers various types of role-, user-, and context-based access; treats encryption as optional
• Audit controls, Mechanisms to log and record electronic activity to create audit trails
• Authorization controls, Provide for user- and role-based access
• Data authentication, Refers to message integrity; mentions digital signatures as a solution to maintain message integrity
• Entity authentication, Includes PIN, tokens, and biometric devices for end-entity authentication.