2. The Importance of Security Audits
Conduct audits regularly, and as part of any upgrade or training effort.
Document and file the results of each audit.
Understand how important audits are to forming and updating security policy.
Ensure your technical components are capable of meeting your security expectations. Update hardware as necessary.
Be prepared to address any gaps revealed through the audits, and conduct risk analyses before implementing solutions.
3. Features for Technical Security
Intrusion Detection Systems, such as HP OpenView
Encryption and proper maintenance of encryption keys
Anti-virus auto-scanning for all downloads and emails, and nightly scanning of the network
Configure system privileges appropriate for each level of work that is needed.
4. Technology Infrastructure Ideas
Technology specifications for safeguards will be different for each covered entity. There is no set configuration of hardware or software for everyone.
All technologies used must meet or exceed HIPAA-required safeguards.
Content filtering, firewalls, access tokens, and timeouts are all ways to increase security.
5. Network Safeguards
Restrict personal device use on the network.
Keep access tracking logs for all files.
Implement high password-strength requirements.
Layer your protection on your network, for example with firewalls, a honey pot and an authentication server.
Install protection and tracking features at all levels of the network, from applications down to hardware.
Limit displays to need-to-know applications for each relevant work area.
6. Indicate Levels of Responsibility
Each user is responsible for what happens under their login.
Maintain a locked-workstation policy any time a terminal needs to be left unattended.
For technical or password issues, have a supervisor or helpdesk responsible for solutions.
For network or organization-wide issues or suggestions, have a committee or team responsible for implementing solutions.
Use a ticket system if that will help with efficiency and with organizing queries.
7. Incident Procedures
Have a designated response team.
Identify, report, and respond to all known or suspected incidents. This is a required safeguard.
Ensure the Privacy Officer is notified in every instance.
Determine what criteria, tools, and communication methods need to be used.
Determine or review what the desired recovery method and desired outcome will be.
8. Contingency Plans
Are of utmost importance for maintaining security and compliance.
Are designed as part of the HIPAA-required technical safeguards, as with backups.
Can be the difference between surviving a security attack and losing the network.
Document contingency procedures and any incidents in which they are used.
Reporting can be key to forming policy if a common flaw is found.
9. Importance of Documentation
Information security policies are necessary; management cannot just assume that everyone knows the company's security needs.
Anyone joining the company is unaware of the company's security needs until they are shown a policy.
Having a documented policy can reduce liability damages and fines in the event of a serious breach.
Work directly with the Chief Information Officer on what can be done to maintain compliance.
10. Service Level Agreements
Be sure to maintain SLAs with all of your providers, including your ISP contract.
Keep all Business Associate (BA) agreements on file and ensure they are maintained to the required extent.
Ensure all PHI is handled appropriately or de-identified as necessary.
Ensure any remote storage agreements are upheld to legal and contract specifications.
11. Security Policy Management
State a purpose.
Include permitted uses for workstations and applications.
Monitor compliance.
Understand that security policy is ongoing and adaptable.
Have a committee responsible for policy development.
Maintain a hard copy on file, especially of any changes.
12. Summary and Credits
Important points:
Maintain documentation.
Keep staff informed.
Ensure multiple security features are in place.
Chapters 13, 21, 22, and 25 were used to source the material for this slideshow.