VIRGINIA ASSOCIATION OF COMMUNITY SERVICES BOARDS HIPAA READINESS STEERING COMMITTEE




HIPAA CHECKLIST FOR INFORMATION TECHNOLOGY AND COMPUTER SYSTEMS SECURITY

For each question, record Y, N or N/A and the Location of Documentation.

AREA OF CONCERN: Workstations Software/Hardware
    A policy and procedure on desktop use?
    Does your policy include security of protected health information?
    Does your CSB have physical safeguards to eliminate or minimize unauthorized access to information?
    Does your CSB have regularly scheduled training on workstation security for users?
    Does the training include the following topics: tracking certain transactions, back-up, disposal of old information, password management, automated log-off time frames, screensavers with passwords to log back on, unattended computers, prohibition of unauthorized software, wireless connections, electronic certificates/digital signatures?
    Do you have policies and procedures for the security management of the paper medical record?

AREA OF CONCERN: Business Associate/Chain of Trust agreements with software vendors
    Is the organization working with its software vendor to ensure HIPAA compliance and the existence of BA/COT agreements?
    Does the organization use an electronic billing vendor?
    Has the organization surveyed its vendors/business relationships to determine who falls into the BA/COT realm?

AREA OF CONCERN: Media Management and Disposal
    A policy and procedure defining the disposal of all computers (desktops, servers, handheld palm computers, etc.)?
    Does the procedure include the destruction of hard drives?
    Does the procedure track computers to new employees or to outside recipients?
    Does the organization maintain an inventory of computers and software?
    Procedures for disposing of ribbons, cartridges, diskettes, CDs, dictaphone cassettes, audiocassettes, videocassettes, etc.?
    Policies and procedures for management of fax machines, voice mail, video and audio tapes of client sessions?

AREA OF CONCERN: Internet Security and Use
    Policies and procedures regarding access to and use of the Internet?
    Does the policy clearly state that Internet traffic is neither secure nor confidential?
    Methods or procedures for monitoring Internet traffic?
    Does the organization limit use of the Internet to specifically authorized users?

AREA OF CONCERN: E-mail
    An email policy and procedure that defines the use of internal and Internet email?
    Do email users have passwords protecting their email accounts?
    Does the policy establish agency ownership of any email?
    Does the policy prohibit the transmittal of threatening, offensive, harassing or otherwise inflammatory statements?
    Do the policy and procedure define the use of email for transmission of client information?
    Does the agency use encryption or digital signatures on extremely sensitive email?
    A policy and procedure regarding the download of materials from the Internet?

AREA OF CONCERN: Transaction Codes
    Is the organization monitoring the vendor activity related to upgrades of software?
    Is the organization monitoring the progress of DMAS regarding transaction codes?
    If the organization does its own programming, has it established a plan of action for the reprogramming?

AREA OF CONCERN: Disaster Recovery Plan
    Has the organization developed a disaster recovery plan?
    Does the plan address the following elements?
        I. Overview
        II. Information Technology Structure
            A. Depts. supported by IT: Reimbursement, A/R, Purchasing, Clinical/Case Mgmt staff, Support staff/Client Records, Admin, Management
            B. Major Systems supported by IT
            C. Major Systems supported by IT: Primary Client Data systems (Anasazi, CMHC, BTI, etc.), electronic Medicaid billing system, payroll, financial accounting, acquisition/purchasing, CARS, budgeting, state Comprehensive Plan software, POMS software, Microsoft Office, Outlook
        III. Information Processing Equipment and Software
            A. Software (ex. NT 4.0, Service Pack 4, Seagate Backup, Netshield Antivirus, NT File System)
            B. Hardware (ex. servers, tape backup hardware, MEGARaid controller, uninterruptible power supplies)
        IV. Network Connectivity Hardware (ex. switches, routers, hubs, broadband modems)
        V. Information Storage
            A. Server storage configuration
            B. Data replication
        VI. Security
            A. Physical security
            B. Network access
            C. Resources (printers, directories)
            D. File access
        VII. Data Archiving (back-up procedures for both desktops and servers)
        VIII. Data Warehousing
        IX. System Disaster Recovery
            A. Hardware
            B. Software and Data
        Appendices, including procedures for backup configuration, restore configuration, configuring resource sharing/permission procedures, and configuring directory/file permission procedures

AREA OF CONCERN: Other CSB-identified areas of concern