HIPAA Compliance Policy

Purpose:
To understand the responsibilities and define the minimum security requirements of the XYZ health care organization. All employees within the scope of this policy should abide by it.
Scope:
This policy applies to all employees of XYZ health care who have remote access to patients' medical data.
Control Matrix:
Table 1
Risk Control Matrix

| # | Risk | Significance of Risk | Likelihood of Risk | Control Measures / Countermeasures |
|---|------|----------------------|--------------------|------------------------------------|
| 1 | Brute Force Password Attack | Medium | Low | Employees should maintain a strong password and change it every 30 days. |
| 2 | Employee not familiar with wireless technology | High | Medium | Employees should undergo training and knowledge transfer before using the system resources. |
| 3 | Multiple Access and Logon Entries | Medium | Low | Employees should not log into two systems at the same time. |
| 4 | Unauthorized Access | High | Medium | Rules are to be set properly so that employees can access information for which they have access or authority. |
| 5 | Privacy of data | High | Medium | Proper training is to be given to employees so that they understand the importance of the data and how to protect it. |
| 6 | Laptop stolen | High | Low | Employees should report to the administration immediately and protect the system with a strong password. |
| 7 | Accessing information through public internet | High | Low | Employees should never use a public network to access the data. |
Notes: Rating: - Medium: Likely to occur every six months or less, High: Likely to occur after a