Solved

HIPAA Risk Analysis

Posted on 2011-03-23
3
494 Views
Last Modified: 2012-05-11
I want to know where I can find some information for Hippa, with regards to a client who is looking to become Hipaa complaint in a small office environment.

This is within a Windows environment.

Lastly, is there a way I can possibly hire someone to subcontract for this position?
0
Comment
Question by:vulture714
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 35206052
A quick answer is to search and review the many available "HIPAA Best Practices"

First question, does the firm have an existing HIPAA compliant application that manages the data and access to it?

You would need to get the big picture on what is where and analyze the risk once you have this information in hand.

where is patient data stored? What are the controls on who and how access to that data is made available?
After that it is all procedures dealing with auditing
i.e. log who logs in/out
etc.

0
 

Author Comment

by:vulture714
ID: 35210441
What about some type of a checklist for the office.   What I need is a checklist of what do to and what not to do when it comes to information technology.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 35210515
Without getting a clear picture of what is in the office i.e. what their setup is. What type of data and how it is accessed, you will have a ton of lists with things to do and not to do.
You need to narrow the thing down.
Is this a medical doctors office?
Is this a medical transport type firm?
Is this a medical supply type firm?
Make sure unattended station when screen saver activates (5) minutes requires a password to unlock, or better still require the users to lock their workstation prior to leaving their desk/system unattended.

If access to the net exists, make sure to have anti-virus applications on the systems.
A Proxy system could also be used to "limit" what sites are being accessed as well as trying to "protect" the internal system from virus/etc.
Securing the outside firewall to limit the types of outgoing internal connection i.e. even if a worm/rtojan/backdor compromises a system, it will not be able to get out.

Then you have the backup, notification, auditing policies, etc.



0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question