Maintaining a cyberattack-resilient, HIPAA-compliant environment
For HIPAA Covered Entities, it is critical to protect the investment made in having a HIPAA-compliant environment. The diagram below shows the different components of the solution. The text opposite the chart shows you the steps you must take.
Physical Security
The first level of protection against environmental and man-made threats. Security controls need to be established for: reception areas, server and workstation areas, equipment, access control, computer maintenance and wiretapping.
Incident Management
Detection, Identification, Analysis, Prioritization and Resolution of security incidents. This involves many processes and assignment of responsibilities to the security team.
Vulnerability Assessment
Evaluation of the ability to withstand assault. It is done by classifying possible vulnerabilities. It can be used to identify weaknesses that could be exploited and to predict the effectiveness of preventive and restoring measures. Merysol Security’s Cybersecurity Preparedness Assessment can help you get a practical update on how your IT is prepared for a cyberattack.
Breach Resolution & Recovery
Actions taken to understand the root cause of the breach, enable solutions to fix the problem and restore the system to its condition before the attack. Merysol Security’s IT-Disaster Recovery Plan can help you specify the actions needed to restore service.
Communications and Reporting Plan
Communicating with customers, employees, and business partners after an emergency situation is something a HIPAA CE must be prepared to do ahead of time. Reporting to the proper authorities in a timely manner is critical. Merysol Security’s Business Continuity Plan can be the repository of these activities.