HIPAA Compliance Checklist

In order to comply with HIPAA requirements, it is helpful to know what items are required. Here is a checklist for compliance with the Technical Safeguards section of HIPAA.

The Technical Safeguards section relates to the technology requirements for accessing and protecting PHI. PHI must be encrypted once it travels outside of the organization’s internal perimeter. This ensures that a breach of confidential patient information renders it unreadable and unusable. Provided that these criteria are met, organizations can select whatever tools allow them to:

  • Implement access control – Assign unique user access as well as procedures to govern release/disclosure of PHI during an emergency.
  • Authenticate PHI – Make sure PHI has not been altered or destroyed.
  • Encrypt and decrypt messages – Authorized users must be able to encrypt messages when they are sent beyond an internal firewalled server and decrypt them when received.
  • Audit and log activity – Audit controls should record attempted access to PHI and what has been done to the data when it’s been accessed.
  • Automatically log off of devices – Automatically log authorized people out of devices in order to prevent unauthorized access from unattended devices.

Tips to Meet HIPAA Requirements

Conduct a network security audit

It is critical to periodically audit your network security controls. Network security audits help to identify weaknesses in your network security posture so you know where your security policies need to be adapted. Firewall audits also demonstrate that you have been doing your due diligence in reviewing security controls and policy controls.

Conduct periodic compliance checks

Your network firewalls are a critical part of many regulatory requirements. Ensuring that your network firewalls comply with critical regulations is a core part of your network security posture.

Consider network segmentation

By building and implementing a network segmentation strategy, you can break a network down into multiple segments and make it safer against potential breaches by attackers.

Periodically evaluate your firewall rules

Following firewall rule best practices, you should periodically evaluate your firewall rules. Identify and consolidate duplicate rules, remove obsolete or unused firewall rules, and perform periodic firewall rule re-certification.