HIPAA/HITECH Assessments

Regardless of the size of their practice, healthcare providers are required by law to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.

SCA will provide a detailed assessment for compliance with the HIPAA/HITECH requirements. Specific areas reviewed include but are not limited to:

  • Media Security – protection of all forms of physical storage media including paper documents
  • Hardware Security – hardware maintenance and change controls, anti-theft, anti-tampering
  • Software Security – software maintenance and change controls, software integrity, software copyright/licensing compliance, privileged program controls, anti-virus and related malicious software safeguards, database security, security design on new systems, risk management process
  • Network Security – network device security, communications security, network access controls, internet/web security, intrusion detection, vulnerability testing, network change controls, firewalls & proxy servers, dial-up access security, encryption, e-mail security
  • Host (System) Security – multi-user and single-user (workstation) computer operating system access controls including: user authentication, data access authorization, audit logs; application security
  • Procedural Security – information security charter, policies and procedures, organization, roles & responsibilities, auditing, awareness, IT change controls
  • Personnel Security – background checks, non-disclosure agreements, training, professional development, terminations & transfers, contracts
  • Disaster Recovery/Business Resumption Planning – fault tolerance/redundancy, data backup, recovery/continuity planning
  • Physical Security – facilities access control, security cameras, location and marking of facilities
  • Environmental Security – disaster/interruption avoidance, safety, air conditioning and temperature controls, electrical power and utilities
  • Contractual Security/Privacy – Business Associate Agreements, non-disclosure agreements