Preparing for a HIPAA assessment can be a daunting task – one that can cost companies significant sums in consulting and auditing fees. During a recent interview with Nicole Freeman from HealthITSecurity, I offered the following five tips to prepare for a HIPAA assessment.
1. Identify all of your business and client data that falls under HIPAA and what data is out of scope
2. Understand where your confidential data is within the organization and outside the organization (Third Parties)
3. Make sure that you have operating controls to protect the confidentiality and integrity of the confidential data wherever it is input/imported, processed, stored, output/transmitted and properly disposed of at the end of its lifespan
4. Make sure that you have documented controls to ensure the continued availability of the systems that support the confidential data
5. Make sure that you have documented controls for users to follow, IT to configure, and management to enforce
To read the entire article, click here.
Based in the Philadelphia area, Jeff VanSickel is a seasoned Information Security Professional with over 20 years’ experience in the areas of Information Security, Information Technology, Audit Compliance, Risk and Project Management. As a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and a certified CISSP and CISM, Jeff is highly knowledgeable about US Federal and State Law (including SOX, HIPAA, GLBA and Breach Law), US Regulations, ISO-27001/2, NIST, and PCI-DSS.