The MD Tech Secure HIPAA Security Assessment will provide answers and solutions for many common issues including:

Are Companies I Do Business With Protecting ePHI?

  • Are the vendors you are working with in your practice handling data in a secure way?
  • Do you have a business associate agreement in place with each vendor?

Are Electronic Protected Health Information Records Safe?

  • Is sensitive data stored on laptops, desktops, and portable devices protected?
  • Are procedures in place to ensure that a person requesting ePHI is who they say they are?
  • Is a record maintained of the movements of hardware and electronic media that contain ePHI and the person responsible?
  • Have my ePHI applications and supporting infrastructure, as they relate to business continuity, been determined and documented?

Computer Network Security

  • Are our computer network and firewalls configured properly to prevent security and data breaches?
  • Is remote access accomplished in a secure manner?
  • Is our logging of access to records and computer systems good enough?
  • Who can access our computer systems and network?
  • Do we have physical controls in place to prevent unauthorized people from accessing the physical servers, computers or storage devices?
  • Has training been provided for all staff and management, and are periodic security training updates in place?
  • Are adequate password policies in place?
  • Does each employee have a unique password and user ID known only to them for identifying and tracking on systems that have access to ePHI?

Security Best Practices

  • Has one person been designated as the single point of accountability for security in the medical practice? Are these responsibilities properly defined in their job description?
  • Have policies and procedures been implemented to identify and respond to suspected or known security incidents?
  • Has a professional and accurate security risk assessment been completed, and is it up to date?

