HIPAA – Do Your Policies and Procedures Comply With Security Requirements?
Posted by donna@healthlawcenterplc.com in Sep, 2018
In a recent newsletter issued by the Department of Health and Human Services, Office of Civil Rights, the Office highlights critical considerations when developing policies and procedures to ensure the security of electronic media and devices. HIPAA requires covered entities and business associates to implement policies and procedures to limit physical access to their electronic information systems and the facility(ies) in which they are housed.
Such considerations include:
- Is there a record that tracks the location, movement, modifications or repairs, and disposition of devices and media through their lifecycles?
- Does the organization’s record of device and media movement include the person(s) responsible for such devices and media?
- Are workforce members (including management, independent contractors and agents, etc.) trained on the proper use and handling of devices and media to safeguard electronic Protected Health Information?
- Are appropriate technical controls, for example, access controls, audit controls, and encryption, in use?
The Health Law Center assists covered entities (health care providers, clinics, medical group practices, etc.) and business associates (billing companies, IT vendors, subcontractors of business associates, etc.) in ensuring compliance with HIPAA Privacy and Security requirements. Contact Donna J. Craig, RN, JD to discuss particular HIPAA issues.
Read More of the Office of Civil Rights’ Cyber Security Newsletter