7 IT Policies And Procedures That Companies Under HIPAA Regulations Must Have

HIPAA and HITECH have been around for quite some time. Even so, many companies covered by these laws are way behind the times when it comes to actual implementation. And when you really think about it, even companies not covered by these laws should have the requisite policies and procedures in place.

  1. Access Control Policy. How are users granted access to programs, client data and equipment? Also includes how administrators are notified to disable accounts when needed.
  2. Workstation Use Policy. Requiring secure passwords, monitoring logins and limiting unsuccessful logins are just a few of the basics covered. Policies also need to cover basic security best practices such as not allowing passwords to be written down or shared with others.
  3. Security Awareness Training. Organizations must ensure regular training of employees regarding security updates and what to be aware of. You must also keep an audit trail of your reminders and communications in case you’re audited.
  4. Malicious Software Controls. You must have documented policies for the frequency with which anti-malware and antivirus software are updated and what happens if an infection/outbreak occurs.
  5. Disaster Recovery Plan. How you respond to emergency situations (of all shapes and sizes) must be fully documented and tested regularly. A full Disaster Recovery Plan is something our company can help you with.
  6. Media Disposal Policy. How do you dispose of old computer equipment and data? You must have policies and procedures in place that cover exactly how all equipment is properly disposed of and logged.
  7. Review And Audit Procedures. There’s much more to HIPAA compliance than the 6 items discussed here; however, be certain also that whatever you do has a firm audit trail/log that shows that everything has been executed according to plan.

These are just starting points. If you want to make sure your company is covered by these best practices, simply give our office a call at 520-428-3912.

  • Fill in the Form to
    Gain INSTANT Access
    to a Sample Acceptable Use Policy and Password Policy

  • This field is for validation purposes and should be left unchanged.

Important! We hate spam as much (or more!) than you and promise to NEVER rent, share, or abuse your e-mail address and contact information in any way.