• E-mail
• Print
• RSS

Avoid these five common pitfalls when preparing for security

HIPAA Weekly Advisor, October 3, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The final security rule requires covered entities to analyze their risk to determine what unauthorized uses, disclosures, and data integrity losses would occur if security measures were not in place. Once a HIPAA team is formed and upper management sponsorship is obtained, a risk analysis is the first step towards security rule compliance. But before you begin your analysis, beware of the following common mistakes:

1. Avoid the urge to immediately solve known security problems. Wait until you have a complete assessment and you see the full picture. You may decide that other security issues are more urgent and deserve a higher priority, based on staff or budget resources, or you may find that solutions are interdependent. By prematurely applying a technical solution to one problem, you may have complicated or worsened other security flaws, or you may have missed an opportunity for an integrated solution. As with any project, and especially one this big, be sure to take time to plan before acting.

2. Avoid focusing primarily or exclusively on technology. Actually, much if not most of security is administrative work policies, standards, procedures, and training.

3. Avoid letting technology dictate policy. Ideally, set policy first-with available technology solutions in mind-and then implement the supporting procedures and technologies to fit the policy.

Go to http://www.himinfo.com/news/feature.cfm?content_id=35452 to read more.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive