If you are not on CMS' list of potential PricewaterhouseCoopers (PwC) HIPAA audits, be thankful. But take the time to consider how well you would perform if such an audit were to take place at your hospital. "It's a good idea to take a close look at what you're doing now to make sure that you are in compliance, because this is something that is serious," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR.
Use the following six steps to audit your HIPAA security and better ensure that your hospital is in compliance with the rule:
1. Perform a risk analysis.
A risk analysis forms the basis for any sound security program, Apgar says. In a risk analysis, first inventory all of your organization's assets, including people, data, hardware, software, facilities, etc.
From these assets, determine which are the most important to maintaining your organization's security and business operations. Then analyze these vital assets to determine vulnerabilities and threats.