Ensure integrity of electronic information
Healthcare Auditing Weekly, July 12, 2005
HIPAA includes an integrity standard to ensure that electronic protected health information (ePHI) is protected, stored, and transmitted securely, using safe and secure software applications. Your organization's information security officials (ISO) should develop and perform the following activities to ensure information integrity:
1. Review authentication policies, procedures, and tools against HIPAA standards, industry best practices, and the applications and data criticality analysis to ensure that the most appropriate practices are being required. The ISO should do this annually and whenever a new application is implemented.
2. On a quarterly, random basis, apply a password cracker to detect weak passwords.
3. Conduct facility walkthroughs annually to look for passwords.
4. Review active account lists bimonthly against usage logs to determine that access termination has occurred and that password expiration is set appropriately.
The above tip is an excerpt from the book "Guide to HIPAA Auditing Practical Tools and Tips to Ensure Compliance," copyright 2005 by HCPro, Inc. This is a step-by-step book and CD-ROM resource for auditing and monitoring your HIPAA compliance program.
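One way to carry out activity 4, as an added example that is not part of the original tip or the book: a script that reconciles the active account list against a usage log and flags accounts that should have been terminated, are unused, or have weak password expiration settings. The CSV columns, the log format, the 60-day idle window, and the 90-day maximum password age are assumptions chosen for illustration, not values from the tip or from HIPAA.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data. Column names and formats are assumptions.
ACCOUNTS_CSV = """username,hr_status,password_max_age_days
asmith,employed,90
bjones,terminated,90
cdavis,employed,0
dlee,employed,365
"""
# Constructed usage log: "date,username" per successful login.
USAGE_LOG = """2005-06-30,asmith
2005-07-08,bjones
2005-03-02,cdavis
"""

def review_accounts(accounts_csv, usage_log, today, idle_days=60, max_age_policy=90):
    """Return {username: [findings]} for active accounts needing follow-up."""
    last_login = {}
    for line in usage_log.strip().splitlines():
        day, user = line.strip().split(",")
        seen = date.fromisoformat(day)
        last_login[user] = max(seen, last_login.get(user, seen))

    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user, issues = row["username"], []
        # Access termination: the account is on the active list but HR says otherwise.
        if row["hr_status"] == "terminated":
            issues.append("terminated in HR but account still active")
        # Usage: an active account nobody uses is a candidate for removal.
        seen = last_login.get(user)
        if seen is None:
            issues.append("no login in usage log")
        elif today - seen > timedelta(days=idle_days):
            issues.append(f"idle since {seen.isoformat()}")
        # Password expiration: 0 is taken to mean "never expires" (assumption).
        max_age = int(row["password_max_age_days"])
        if max_age == 0:
            issues.append("password never expires")
        elif max_age > max_age_policy:
            issues.append(f"password max age {max_age}d exceeds {max_age_policy}d")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in review_accounts(ACCOUNTS_CSV, USAGE_LOG, date(2005, 7, 12)).items():
        print(user, "->", "; ".join(issues))
```

Keeping each run's findings gives the ISO a record that the review took place and what was followed up.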
