As we have previously noted, the risk analysis process is an inventory and reporting process. As part of risk analysis, you will determine which safeguards to implement. It's important for the implementation of safeguards to be backed up by security and privacy policies that require them. Security and privacy policies serve as the foundation of your HIPAA framework. Without security and privacy policies, it will be difficult for you to hold individuals accountable for implementing and configuring effective safeguards.

Security and privacy policies are high-level rules of the road for your systems and networks and for the individuals who operate your systems and networks. You want to be able to enforce the HIPAA privacy rule, and to do that, you need policies. Policies are in fact one form of safeguard, and their existence defines the overall safeguards for the entire information technology infrastructure, including all medical records that need to be secured for HIPAA. Security and privacy policies should include roles and responsibilities, and indicate which office administrators, system administrators, doctors , and anyone have privileges to access the information, and update it. Policies should include rules of behavior, as well as configuration guidance, and may include the following systems and technology topics:

  • Access control devices

  • Anti-virus software and systems

  • Applications

  • Authentication systems

  • Biotechnology systems

  • Data classification

  • DHCP servers

  • DNS servers

  • Encryption mechanisms

  • File & print servers

  • Firewalls

  • Gateways

  • IP addressing

  • Messaging systems

  • Network architecture

  • Operating systems

  • Physical security

  • Routers and switches

  • Virtual private networks (VPNs)

  • Web services

Security and privacy policies need to be documented, and are not real if they exist only in someone's head. They need to be accessible, and available for reference and updating. It will be tough to hold a systems administrator responsible for enforcing them if they are not known, and are not readily available.

HIPAA Security Implementation, Version 1.0
HIPAA Security Implementation, Version 1.0
ISBN: 974372722
Year: 2003
Pages: 181

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net