
HIPAA Healthcare Security Policies


The HIPAA healthcare security policies outline national security standards intended to ensure the integrity, confidentiality and security of patient health records.
Three parts to the HIPAA Healthcare Security Policies:

  1. Administrative Safeguards – The administrative components are really important when implementing a HIPAA compliance program.
  2. Technical Safeguards – Technical safeguards outline what your application must do while handling PHI. There are both required and addressable elements to these safeguards.
  3. Physical Safeguards – The Physical Safeguards really have to do with who has access to PHI data and how that access is managed. HIPAA compliant hosting companies (such as TrueVault, AWS, Firehost and Rackspace) handle many of the requirements.

Questions to Consider:

Does your organization have a documented information security program?
The required policies and procedures must be maintained in writing, and any other communication, action, activity, or designation that must be documented under this regulation must also be documented in writing. “Writing” includes electronic storage; paper records are not required. Organizations are required to retain any documentation required under the Security Rule for at least six years (the statute of limitations period for the civil penalties) from the date of the creation of the documentation, or the date when the document was last in effect, whichever is later.
Do your organization’s security policies cover the following items?

  • Code of Conduct
  • Account Management
  • Passwords
  • Data Classification
  • Third Party Information Security
  • Mobile Computing
  • Use of Cryptography
  • Disaster Recovery
  • Data Secure Disposal
  • Email Appropriate Use
  • Internet Appropriate Use

Are Security Policies approved by management?
Are Security Policies communicated to all relevant parties, including employees, contractors and other third parties?
All employees, contractors and other third parties working with the organization must undergo a security policy training session upon hiring or partnership. This security policy training is then renewed annually. Any changes in security policy are updated in the organization’s security documentation and communicated to appropriate parties via email. Managers are also required to communicate verbally any major changes.
Are Security policies reviewed and updated at least annually?
Are Security Policies legally binding on all relevant parties, including employees, contractors, and other third parties?
How does your organization determine the suitability of its vendors with regard to adhering to the communicated Security Policies?
