HIPAA SECURITY ASSESSMENT

Security Workplace designed the HIPAA Security Assessment to provide an overview of the state of organizational and technical security as it relates to patient information and confidentiality. This engagement focuses on security (and overlapping privacy policies), procedures, physical access controls, technical access controls and internet/intranet controls. The assessment review provides management with an opinion of what areas the organization may need to focus resources on to comply with HIPAA Security regulations and reduce its current level of risk.

The Work Plan

The in-depth work plan will include the following:

•  Departmental review of current patient information security-related strategies, policies and procedures including:

•  System certification
•  Contingency plans
•  Records processing
•  Information access controls
•  Personnel security
•  Incident procedures
•  Termination procedures

•  Examination of current audit procedures
•  Examination of current physical access protections:

•  Security responsibility
•  Secure workstation location
•  Staff security awareness
•  Media controls

•  Examination of system & application access controls and procedures
•  Analysis of current Internet/ Intranet, Data-Com, LAN/WAN, and dial-up security provisions
•  Departmental review of current IS technical security & privacy mechanisms and capabilities
•  Interviews with key staff

Deliverables

At the conclusion of this assessment you will receive:

On-site, senior management level presentation of current security state which will include:

•  Matrix of deficiencies and vulnerabilities as they relate to both general industry and the HIPAA security regulations
•  Current state of security policies and procedures
•  Current state of IS technical security deployment
•  Risk analysis
•  Milestone based work plan with timeline to implement solutions and  recommendations.