Security Requirement

HIPAA Readiness
YES = 1, NO = 0

1. Developed specific job description for HIPAA Security Officer?

2. Identified HIPAA Security Officer and security team?

3. Acquired HIPAA training for security team?

4. Established initial budget?

5. Created inventory?

6. Conducted vulnerability assessment?

7. Identified contingency requirements?

8. Developed security strategy and HIPAA security policy documents?

9. Created security procedures?

10. Determined contingency planning requirements?

11. Developed plans for physical security?

12. Implemented intrusion detection and malicious software detection systems?

13. Secured facilities and physical access to server systems?

14. Implemented device and media control solutions for all key e-PHI systems?

15. Implemented authentication solutions for all key e-PHI systems?

16. Deployed access control technology for all key e-PHI systems?

17. Implemented automatic logoff on all desktop and server systems?

18. Activated log-in monitoring and auditing capability on all key e-PHI systems?

19. Deployed encryption and other technology to secure sensitive storage and transmission?

20. Tested contingency planning procedures?

21. Reviewed and updated all BACs?

22. Conducted security training for all members of the workforce?

23. Communicate security requirements on a regular basis?

24. Assessed if all identified vulnerabilities have been addressed?

25. Verified that all compliance requirements have been met?