• Top Ten

  • 4. Eight Areas Required in a Compliance Plan

    1. Commitment to Compliance

    2. Designation of a Privacy Officer

    3. Conduct Regular Staff Trainings

    4. Communications

    5. Disciplinary Guidelines

    6. Auditing and Monitoring

    7. Corrective Action

    8. Response to Special Agent's Visit

  • 5. Risk Assessment

    Are Risk Assessments being conducted? How often?

    Do they address the Security Safeguards?


  • 6. Incident Response Management

    Steps needed in developing an Incident Response Management program:

    1. Create an Incident Response Team

    2. Develop an Incident Response Plan

    3. Suspicious Activity Report

    4. Identification and Investigation

    5. Containment and Removal

    6. Reporting to Authorities

    7. Recovery

    8. Risk Assessment

    9. Follow-up

    10. Policy Update

    11. Staff Education and Training

  • 9. Questions to Ask Business Associates

    Questions to ask in order to mitigate those risks:

    1. If you have access to our information electronically, please describe the safeguards you have in place.

    2. Is any of our protected health information stored at your site?

    3. When was the last vulnerability risk assessment performed? Please provide a copy.

  • 10. Mobile Devices

    Do you have a Mobile Device Policy?

    1. Does staff use their own device(s) for business?

    2. Are device(s) encrypted?

    3. Do device(s) have password or user authentication?

    4. Do you employ remote wiping software?

    5. Do the device(s) have security software installed?

    6. Is the software confirmed to be functioning and up to date?