Solved

HIPAA Risk Analysis

Posted on 2011-03-23
3
491 Views
Last Modified: 2012-05-11
I want to know where I can find some information for Hippa, with regards to a client who is looking to become Hipaa complaint in a small office environment.

This is within a Windows environment.

Lastly, is there a way I can possibly hire someone to subcontract for this position?
0
Comment
Question by:vulture714
  • 2
3 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35206052
A quick answer is to search and review the many available "HIPAA Best Practices"

First question, does the firm have an existing HIPAA compliant application that manages the data and access to it?

You would need to get the big picture on what is where and analyze the risk once you have this information in hand.

where is patient data stored? What are the controls on who and how access to that data is made available?
After that it is all procedures dealing with auditing
i.e. log who logs in/out
etc.

0
 

Author Comment

by:vulture714
ID: 35210441
What about some type of a checklist for the office.   What I need is a checklist of what do to and what not to do when it comes to information technology.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 35210515
Without getting a clear picture of what is in the office i.e. what their setup is. What type of data and how it is accessed, you will have a ton of lists with things to do and not to do.
You need to narrow the thing down.
Is this a medical doctors office?
Is this a medical transport type firm?
Is this a medical supply type firm?
Make sure unattended station when screen saver activates (5) minutes requires a password to unlock, or better still require the users to lock their workstation prior to leaving their desk/system unattended.

If access to the net exists, make sure to have anti-virus applications on the systems.
A Proxy system could also be used to "limit" what sites are being accessed as well as trying to "protect" the internal system from virus/etc.
Securing the outside firewall to limit the types of outgoing internal connection i.e. even if a worm/rtojan/backdor compromises a system, it will not be able to get out.

Then you have the backup, notification, auditing policies, etc.



0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question