3CNC’s HIPAA Security Assessment will provide answers and solutions for many common issues including:
Are the Companies I Do Business With Protecting My Electronic Protected Health Information (ePHI)?
- Are the vendors I am working with in my practice handling data in a secure way?
- Do I have a Business Associate Agreement in place with each vendor?
Are My ePHI Records Safe?
- Is sensitive data stored on laptops, desktops and portable devices protected?
- Are procedures in place to verify the identity of a person requesting ePHI?
- Is a record maintained of the movement of hardware and electronic media that contain ePHI as well as the person responsible?
- Have my ePHI applications and supporting infrastructure, as they relate to business continuity, been determined and documented?
Computer Network Security
- Are my practice's computer network and firewalls configured properly to prevent security and data breaches?
- Is remote access accomplished using a secure method?
- Is our logging of access to records and computer systems good enough?
- Who can access our computer systems and network?
- Do we have physical controls in place to prevent unauthorized people from accessing the physical servers, computers or storage devices?
- Have all employees, staff and management been trained and are they periodically provided with security training and updates?
- Are adequate password policies in place?
- Does each employee have a unique User ID and Password known only to him/her for the purpose of identifying and tracking system access to ePHI?
Security Best Practices
- Has one person been designated as the single point of accountability for security in my medical practice? Is this responsibility properly defined in his/her job description?
- Have policies and procedures been implemented to identify and respond to suspected or known security incidents?
- Has a professional and accurate security risk assessment been completed and is it up to date?