?
Solved

HIPAA Risk Analysis

Posted on 2011-03-23
3
Medium Priority
?
502 Views
Last Modified: 2012-05-11
I want to know where I can find some information for Hippa, with regards to a client who is looking to become Hipaa complaint in a small office environment.

This is within a Windows environment.

Lastly, is there a way I can possibly hire someone to subcontract for this position?
0
Comment
Question by:vulture714
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 35206052
A quick answer is to search and review the many available "HIPAA Best Practices"

First question, does the firm have an existing HIPAA compliant application that manages the data and access to it?

You would need to get the big picture on what is where and analyze the risk once you have this information in hand.

where is patient data stored? What are the controls on who and how access to that data is made available?
After that it is all procedures dealing with auditing
i.e. log who logs in/out
etc.

0
 

Author Comment

by:vulture714
ID: 35210441
What about some type of a checklist for the office.   What I need is a checklist of what do to and what not to do when it comes to information technology.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 35210515
Without getting a clear picture of what is in the office i.e. what their setup is. What type of data and how it is accessed, you will have a ton of lists with things to do and not to do.
You need to narrow the thing down.
Is this a medical doctors office?
Is this a medical transport type firm?
Is this a medical supply type firm?
Make sure unattended station when screen saver activates (5) minutes requires a password to unlock, or better still require the users to lock their workstation prior to leaving their desk/system unattended.

If access to the net exists, make sure to have anti-virus applications on the systems.
A Proxy system could also be used to "limit" what sites are being accessed as well as trying to "protect" the internal system from virus/etc.
Securing the outside firewall to limit the types of outgoing internal connection i.e. even if a worm/rtojan/backdor compromises a system, it will not be able to get out.

Then you have the backup, notification, auditing policies, etc.



0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month14 days, 15 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question