Jul 27, 2017
Earlier this year, the American Health Information Management Association (AHIMA) published its “External HIPAA Audit Readiness Toolkit” to help covered entities (CEs) and business associates (BAs) prepare for the Office for Civil Rights’ (OCR) upcoming Phase 2 HIPAA Audit Program. The toolkit aims to be the go-to resource for understanding the requirements of Phase 2 audits, so you can self-audit your healthcare organization and be prepared. Although the kit is a good start, we’ve identified additional activities that are necessary—including credible sources to use as reference for best practices.
In Phase 2 audits, the OCR will look for fully developed information governance programs that go beyond the minimum requirements for record management and compliance; comprehensive information privacy and data security is necessary. Self-auditing, starting with the AHIMA toolkit, helps ensure your data is protected and you’re able to demonstrate compliance with the OCR. Let’s review the actions you can take to be prepared for HIPAA audits:
In the previous blog, we explored system and communications protection and information integrity. In this post, we will discuss the next policy area: CJIS Compliance Formal Audits. To ensure agencies' compliance with applicable policies, statutes and regulations, formal audits are conducted periodically. Audits by the FBI CJIS Division
Source: Understanding CJIS Compliance Formal Audits
The previous blog on physical protection helped us understand the various security measures needed to protect Criminal Justice Information (CJI) in a physically secure location. In this blog, we will discuss one of the most important policy areas of CJIS: System and Communications Protection and Information Integrity. Information Flow Enforcement
Source: CJIS Compliance – System, Communications Protection & Information Integrity
In the previous blog, we discussed the importance of protecting physical as well as digital media. This time we will take a deep dive into the importance of physical protection and the steps agencies should take to secure criminal justice information as per CJIS Compliance Physical Protection standards.
Source: Understanding CJIS Compliance Physical Protection
In the previous blog, we discussed the management of system configuration. In this blog, we will try to understand how media should be protected and why it is important to do so. As discussed in previous blogs, access to electronic and physical media in all of its forms should be restricted to authorized personnel only, and the agency should maintain a CJIS Compliance media protection policy with documented procedures.
Source: Understanding CJIS Compliance Media Protection
It’s hard to avoid the cloud these days when you’re working in a corporate environment; it’s estimated that about 35% of all IT services are delivered at least partially through the cloud, and the global market for cloud equipment is expected to reach $79.1 billion by 2018. That being said, plenty of consumers have noticed that far too many businesses have been targeted by cyberhackers — in many cases, the data stored in a cloud system is what’s stolen.
So how can you make sure that you’re using your cloud computing system to the fullest extent without sacrificing security? Here are a few tips to get you started:
Read More: How To Manage Cloud Computing Security: 3 Simple Tips.