Health Information Compliance Alert
Get Expert Help For Your Security Policy
PDF
Follow the right framework to create and update your policy.
As you wade through the murky waters of HIPAA Security Rule compliance, your security policy should not only chart your voyage, but it should also serve as your lighthouse for when you drift off-course. But for your security policy to become such a vital and reliable document, you need to first understand the framework for all that the policy must include.
According to HIPAA expert Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems, LLC in Charlotte, VT, your basic security policy framework should look like this:
Four Basic Policies (or Policy Types):
1. Security Management Process
• Include enabling language in your policy.
Enlist These Resources to Ensure a Compliant Security Policy
And if you need help drafting your security policy or ensuring that it remains compliant, Sheldon-Dean points out that you can get help from the following resources:
The SANS Institute’s Security Policy Project: Includes a short primer for developing security policies, along with samples and guidance. Read more at www.sans.org/resources/policies.
New York University HIPAA security policies: Provides model security policies with a good level of detail, and many of the concepts are directly transferable. Read more at www.nyu.edu/its/policies/#hipaa.
The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide (SP 800-61 Revision 2): Provides a practical guide to responding to incidents and establishing a computer security incident policy and process. Read more at csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
NIST ITL Bulletin (September 2012): Focuses on the revised SP 800-61. Read more at csrc.nist.gov/publications/nistbul/itlbul2012_09.pdf.
2. Information Access Controls
3. Data Management (Contingency-Backup-Retention)
4. User Policy
• Define details in your procedures.
• Include as much documentation as possible.
Health Information Compliance Alert
- HIPAA Compliance:
Do You Have An Information Security Management Process?
Tip: Run your data security like a business. If you don’t have a formalized process [...] - Get Expert Help For Your Security Policy
Follow the right framework to create and update your policy. As you wade through the [...] - Privacy Breaches:
Be On Your Guard with These Vulnerable Areas
You can’t afford to fall short in your compliance efforts. Recent breaches have shown that [...] - Hospice BAAs:
Cut These Unnecessary Business Associate Agreements
Are you unknowingly making these common hospice BAA mistakes? You’ll need to step up your [...] - Clip and Save:
Focus on EMR Features When Determining the Best Fit
Check this handy list to compare different systems. Finding an electronic medical records (EMR) system [...] - How Would You Handle It?
How to Work With a Talker Read the situation below, and decide how you would [...] - Home Health Compliance:
Know When To Use The Replacement ABN
Your HHABN may still apply into 2014. Just because the Centers for Medicare & Medicaid [...] - Industry Notes:
Watch For ICD-10 Coding Conversion Details Next Spring
Wondering which ICD-10 codes will be linked to LCDs? The Centers for Medicare & Medicaid [...]