HIPAA Compliance Checklist
Conducting a thorough self-assessment is the best way to prepare for the upcoming HIPAA compliance audits, regulators and other experts advise. Other key steps include creating detailed documentation and being ready to describe how security incidents were handled, prove staff members have received training and demonstrate security controls.
Make sure policies and procedures are up-to-date and relevant. Then check to make sure you're actually carrying out those guidelines.
Healthcare organizations should conduct their own compliance audits to make sure everyone is adhering to spelled-out policies. For example, if all computers are supposed to have an automatic log-off function, check to make sure that's actually the case.
Be certain that individuals assigned security responsibilities are ready to articulate their practices and demonstrate compliance.
The best way to build faith among auditors, the consultant says, is if security staff members sound like they know what they are doing.
Ensure that everyone involved in the incident response process understands their roles. And don't forget to document security incident responses.
Auditors will ask for a list of your security incidents and how you handled them. For auditors, this is a valuable source of ideas for focusing their investigations.
Be ready to demonstrate that security controls are actually working.
For example, if an auditor says, I want to see how you handle access control, the organization must be able to describe the process in great detail. Demonstrating controls is about building confidence that you have a security program and you know what you're doing and can show the results of what you are doing.
Make sure your organization has an up-to-date risk analysis for the entire enterprise.
Information security auditors want to know the basis of your program and your controls and whether or not you've actually identified what the risks are in your environment. They want to know if you have organized your security program around an appreciation of where those risks are.Make sure policies and procedures are up-to-date and relevant. Then check to make sure you're actually carrying out those guidelines.
Healthcare organizations should conduct their own compliance audits to make sure everyone is adhering to spelled-out policies. For example, if all computers are supposed to have an automatic log-off function, check to make sure that's actually the case.
Be certain that individuals assigned security responsibilities are ready to articulate their practices and demonstrate compliance.
The best way to build faith among auditors, the consultant says, is if security staff members sound like they know what they are doing.
Ensure that everyone involved in the incident response process understands their roles. And don't forget to document security incident responses.
Auditors will ask for a list of your security incidents and how you handled them. For auditors, this is a valuable source of ideas for focusing their investigations.
Be ready to demonstrate that security controls are actually working.
For example, if an auditor says, I want to see how you handle access control, the organization must be able to describe the process in great detail. Demonstrating controls is about building confidence that you have a security program and you know what you're doing and can show the results of what you are doing.
Comments
Post a Comment