?
Solved

HIPAA Risk Analysis

Posted on 2011-03-23
3
Medium Priority
?
508 Views
Last Modified: 2012-05-11
I want to know where I can find some information for Hippa, with regards to a client who is looking to become Hipaa complaint in a small office environment.

This is within a Windows environment.

Lastly, is there a way I can possibly hire someone to subcontract for this position?
0
Comment
Question by:vulture714
  • 2
3 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 35206052
A quick answer is to search and review the many available "HIPAA Best Practices"

First question, does the firm have an existing HIPAA compliant application that manages the data and access to it?

You would need to get the big picture on what is where and analyze the risk once you have this information in hand.

where is patient data stored? What are the controls on who and how access to that data is made available?
After that it is all procedures dealing with auditing
i.e. log who logs in/out
etc.

0
 

Author Comment

by:vulture714
ID: 35210441
What about some type of a checklist for the office.   What I need is a checklist of what do to and what not to do when it comes to information technology.
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 35210515
Without getting a clear picture of what is in the office i.e. what their setup is. What type of data and how it is accessed, you will have a ton of lists with things to do and not to do.
You need to narrow the thing down.
Is this a medical doctors office?
Is this a medical transport type firm?
Is this a medical supply type firm?
Make sure unattended station when screen saver activates (5) minutes requires a password to unlock, or better still require the users to lock their workstation prior to leaving their desk/system unattended.

If access to the net exists, make sure to have anti-virus applications on the systems.
A Proxy system could also be used to "limit" what sites are being accessed as well as trying to "protect" the internal system from virus/etc.
Securing the outside firewall to limit the types of outgoing internal connection i.e. even if a worm/rtojan/backdor compromises a system, it will not be able to get out.

Then you have the backup, notification, auditing policies, etc.



0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question