The HIPAA Security Regulations have a compliance deadline of April 20, 2005. Compliance requires a complete inventory and analysis of all applications and information flows, as well as a complete health information Risk Analysis. In addition, all security compliance activities, policies, and procedures must be thoroughly documented.
Compliance with the Security Rule is not “just an IT department thing.” About half the requirements are administrative, and compliance involves everyone in your organization. HIPAA Security is all about having an information security process.
Compliance requires a top-to-toe evaluation of your organization’s systems and security practices and its existing policies and procedures.
Has your organization done all the documentation of systems, detailed risk analysis, policy & procedure implementation, and workforce security training needed to attain HIPAA Security Rule compliance?
Lewis Creek Systems HIPAA Security Compliance Services can provide the experienced assistance you need to meet all the requirements of the Security Rule.
For instance, CFR §164.308(a)(7), a single regulation section concerning Contingency Planning, requires that a covered entity:
• Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
This standard includes a number of implementation requirements that must be addressed for each system in order to meet the standard, including:
• Data Backup Plan
• Disaster Recovery Plan
• Emergency Mode Operation Plan
• Testing and Revision Procedures
• Applications and Data Criticality Analysis
Overall there are literally hundreds of details to be addressed, each requiring an understanding of the risks to information security as well as thorough justification and documentation of compliance actions taken.
What is the Compliance Process?
1) The first step in reaching compliance with HIPAA Security requirements is to perform a detailed assessment of information flows and analysis of risk exposures for all health information.
2) Technological or physical measures can be taken to reduce risk exposures, and policies and procedures can be implemented to meet the extensive requirements in the rule as well as address the risks exposed in the analysis.
3) Once new policies, procedures, and practices are established, workforce training is conducted to meet requirements and enable the necessary institutional culture of privacy and security.
Lewis Creek Systems has the experience to assist you and your organization in all of these critical tasks. Contact us for further information or a free preliminary quotation for services.