HIPAA Risk Analysis

Posted on 2011-03-23
Medium Priority
Last Modified: 2012-05-11
I want to know where I can find some information on HIPAA, with regards to a client who is looking to become HIPAA compliant in a small office environment.

This is within a Windows environment.

Lastly, is there a way I can possibly hire someone to subcontract for this position?
Question by: vulture714
LVL 82

Expert Comment

ID: 35206052
A quick answer is to search for and review the many available "HIPAA Best Practices" documents.

First question, does the firm have an existing HIPAA compliant application that manages the data and access to it?

You would need to get the big picture on what is where and analyze the risk once you have this information in hand.

Where is patient data stored? What are the controls on who can access that data, and how?
After that it is all procedures dealing with auditing, i.e. log who logs in/out.


Author Comment

ID: 35210441
What about some type of checklist for the office? What I need is a checklist of what to do and what not to do when it comes to information technology.
LVL 82

Accepted Solution

arnold earned 2000 total points
ID: 35210515
Without getting a clear picture of what is in the office, i.e. what their setup is, what type of data they hold and how it is accessed, you will have a ton of lists of things to do and not to do.
You need to narrow it down.
Is this a medical doctors office?
Is this a medical transport type firm?
Is this a medical supply type firm?
Make sure an unattended station requires a password to unlock when the screen saver activates (after 5 minutes), or better still, require users to lock their workstation before leaving their desk/system unattended.

If access to the Internet exists, make sure to have anti-virus applications on the systems.
A proxy system could also be used to "limit" which sites are being accessed, as well as to help "protect" the internal systems from viruses, etc.
Secure the outside firewall to limit the types of outgoing internal connections, i.e. even if a worm/trojan/backdoor compromises a system, it will not be able to get out.

Then you have the backup, notification, auditing policies, etc.
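The controls in the accepted answer (password-protected screen lock after 5 minutes, outbound filtering at the firewall, and logging of logons/logoffs) can be checked on a Windows workstation with a short read-only script. The following is an added example and is not code from the original thread; the thresholds it tests (300-second lock, a default outbound action of Block, Logon/Logoff auditing enabled) are assumptions taken from the answer's wording rather than from the HIPAA Security Rule itself. It assumes Windows 8 / Server 2012 or later for Get-NetFirewallProfile and an elevated prompt for auditpol.

```powershell
# Added example (not from the original post): a read-only check of the
# workstation controls the accepted answer lists. The thresholds tested
# (lock after 5 minutes, outbound default Block, Logon/Logoff auditing on)
# are assumptions drawn from the answer, not wording from the HIPAA rule.
# Get-NetFirewallProfile needs Windows 8 / Server 2012 or later; auditpol /get
# needs an elevated prompt, otherwise that control is reported as Unknown.

function Get-DesktopValue([string]$Name) {
    # A Group Policy value overrides the user's own Control Panel setting, so
    # the policy key is consulted first and the per-user key is the fallback.
    foreach ($key in 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
                     'HKCU:\Control Panel\Desktop') {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($item -and $null -ne $item.$Name) { return [string]$item.$Name }
    }
    return $null
}

function Get-AuditSetting([string]$Subcategory) {
    # auditpol /r emits CSV; blank lines are dropped before parsing.
    $rows = auditpol /get /subcategory:$Subcategory /r 2>$null |
            Where-Object { $_ -match ',' } | ConvertFrom-Csv
    $first = $rows | Select-Object -First 1
    if ($first) { return $first.'Inclusion Setting' }
    return 'Unknown (run elevated)'
}

function Test-WorkstationBaseline([int]$MaxLockSeconds = 300) {
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result($Control, $Expected, $Actual, $Pass) {
        $results.Add([pscustomobject]@{
            Control = $Control; Expected = $Expected; Actual = $Actual; Pass = $Pass })
    }

    # 1. Unattended station: screen saver on, password required on resume,
    #    timeout no longer than the 5 minutes suggested in the answer.
    $active  = Get-DesktopValue 'ScreenSaveActive'
    $secure  = Get-DesktopValue 'ScreenSaverIsSecure'
    $timeout = [int](Get-DesktopValue 'ScreenSaveTimeOut')   # 0 when not set
    Add-Result 'Screen lock: saver active'       '1' "$active" ($active -eq '1')
    Add-Result 'Screen lock: password on resume' '1' "$secure" ($secure -eq '1')
    Add-Result 'Screen lock: timeout (seconds)'  "<= $MaxLockSeconds" $timeout `
        ($timeout -gt 0 -and $timeout -le $MaxLockSeconds)

    # 2. Egress filtering: the answer wants outbound connections limited so a
    #    compromised host cannot get out. With Windows Firewall that means each
    #    profile is enabled and DefaultOutboundAction is Block, with explicit
    #    allow rules for the traffic the office actually needs.
    foreach ($p in Get-NetFirewallProfile) {
        $enabled  = "$($p.Enabled)" -eq 'True'
        $outbound = "$($p.DefaultOutboundAction)"
        Add-Result "Firewall ($($p.Name)): enabled"          'True'  "$($p.Enabled)" $enabled
        Add-Result "Firewall ($($p.Name)): default outbound" 'Block' $outbound ($outbound -eq 'Block')
    }

    # 3. Auditing: log who logs in and out. Anything other than "No Auditing"
    #    for these subcategories means logon/logoff events reach the Security log.
    foreach ($sub in 'Logon', 'Logoff') {
        $setting = Get-AuditSetting $sub
        Add-Result "Audit: $sub" 'Success (at least)' $setting ($setting -match 'Success')
    }
    return $results
}

Test-WorkstationBaseline | Format-Table -AutoSize
```

Run it in the context of the user whose desk is being reviewed (the screen-saver values live under HKCU), from an elevated PowerShell prompt so that auditpol can read the policy. A row with Pass = False is a finding to record in the risk analysis together with the remediation (Group Policy for the lock settings, a firewall rule review for egress, and Advanced Audit Policy for logon/logoff), not a fix the script applies.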


