HIPAA Protection Requirements
The Security Rule states that covered entities and business associates must “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information.” Cyberstone can help healthcare organizations meet this requirement by performing both risk and vulnerability assessments.
The Security Rule also requires rock-solid written information security policies (also called plans). Some of the required policies are (1) sanction plan, (2) incident response plan, (3) data backup plan, and (4) data backup plan. Organizations must not only have these policies in place, but should also update them every time there’s a significant change to the organization chart or the technology within the environment. For example, if there is a restructuring of departments, a merger, an acquisition, a move to the cloud, or the implementation of a new ERP system, policies should be updated to reflect the new environment.