HIPAA - Key IT Requirements

356views

written 5.3 years ago by

teamques10 ★ 68k

Conduct an initial risk assessment, periodic reviews and reassessments.
Written security policy.
Designated security person.
Written incident handling policy.
Backup, Emergency Operations, and Disaster Recovery plan.
Reuse and disposal plan for reusable media.
Audit controls are required, including unique user identifiers.
Termination Policy and Procedures
Implement user level processes of least privilege.
Log/audit login and logoffs
Secure and authenticate before physical access to the facility and sensitive areas is granted.
Written usage policies by system type (laptop, desktop, server...)
Physical removal tracking and policy of all systems and data (including removable media).
Create an "exact copy" backup prior to being moving data or systems.
Logout/disconnect inactive sessions
Audit access to secure data
Encrypt sensitive data (addressable)
Monitor and audit access and alterations to sensitive data
Protect data in transmission

ADD COMMENT EDIT