3CNC’s HIPAA Security Assessment will provide answers and solutions for many common issues including:

Are the Companies I Do Business With Protecting My Electronic Protected Health Information (ePHI)?

  • Are the vendors I am working with in my practice handling data in a secure way?
  • Do I have a Business Associate Agreement in place with each vendor?

Are My ePHI Records Safe?

  • Is sensitive data stored on laptops, desktops and portable devices protected?
  • Are procedures in place to verify the identity of a person requesting ePHI?
  • Is a record maintained of the movement of hardware and electronic media that contain ePHI as well as the person responsible?
  • Have my ePHI applications and supporting infrastructure, as they relate to business continuity, been determined and documented?

Computer Network Security

  • Are my practice's computer network and firewalls configured properly to prevent security and data breaches?
  • Is remote access accomplished in a secure manner?
  • Is our logging of access to records and computer systems good enough?
  • Who can access our computer systems and network?
  • Do we have physical controls in place to prevent unauthorized people from accessing the physical servers, computers or storage devices?
  • Have all employees, staff and management been trained and are they periodically provided with security training and updates?
  • Are adequate password policies in place?
  • Does each employee have a unique User ID and Password known only to him/her for the purpose of identifying and tracking system access to ePHI?

Security Best Practices

  • Has one person been designated as the single point of accountability for security in my medical practice? Is this role properly defined in his/her job description?
  • Have policies and procedures been implemented to identify and respond to suspected or known security incidents?
  • Has a professional and accurate security risk assessment been completed and is it up to date?