HIPAA Compliance Policy

The purpose of this policy is to set out the responsibilities and define the minimum security requirements of XYZ health care organization. All employees within the scope of this policy should abide by it.
This policy applies to all employees of XYZ health care who have remote access to patients' medical data.
Control Matrix:
Table 1: Risk Control Matrix
No. | Risk | Significance of Risk | Likelihood of Risk | Control Measures/Countermeasures
1 | Brute Force Password Attack | Medium | Low | Employees should maintain a strong password and change it every 30 days.
2 | Employee not familiar with wireless technology | High | Medium | Employees should undergo training and knowledge transfer before using the system resources.
3 | Multiple Access and Logon Entries | Medium | Low | Employees should not log into two systems at the same time.
4 | Unauthorized Access | High | Medium | Rules are to be set properly so that employees can access information for which they have access or authority.
5 | Privacy of data | High | Medium | Proper training is to be given to employees so that they understand the importance of the data and how to protect it.
6 | Laptop stolen | High | Low | Employees should report to the administration immediately and protect the system with a strong password.
7 | Accessing information through public internet | High | Low | Employees should never use a public network to access the data.
Notes: Rating: - Medium: Likely to occur every six months or less, High: Likely to occur after a
