- Document data management, security, training and notification plans.
- Use a password policy for access.
- Encrypt PHI, whether it is in a database or in files on a server. Although not required by HIPAA, it is strongly suggested and considered best practice to do so while stored in the database, and especially during transmission. More encryption considerations:
  - Always use SSL for web-based access to any sensitive data.
  - Details of the encryption techniques and mechanisms used for sensitive information should be known only to a select few.
  - Content such as images or scans should be encrypted and contain no personally identifying information.
  - Don’t use public FTP – use an alternative method to move files.
  - Only use VPN access for remote access.
- Use login retry protection in your application.
- Document a disaster recovery plan.
- Save money and time by hosting with a company that already has a BAA in place – that way your auditor can review the document instead of conducting another audit on top of yours.
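The "login retry protection" item above is the one checklist entry that lives in application code rather than policy, so here is an added example of what it looks like in practice. This is illustration written for this page, not code from the source or from any vendor it names; the thresholds (5 failures in a 15-minute window, 15-minute lockout), the user names and the IP addresses are constructed assumptions. It keys the failure count on account plus client IP, runs the password hash even for unknown accounts so timing does not reveal which usernames exist, and uses only the Python standard library.

```python
"""Login retry protection: a sliding-window failure counter with temporary
lockout, keyed on (account, client IP). Added illustration for the HIPAA
checklist; thresholds and sample data are assumptions, not from the page."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Outcomes returned by attempt_login()
OK, DENIED, LOCKED = "ok", "denied", "locked"

PBKDF2_ROUNDS = 200_000  # kept modest for the demo; tune upward for production


@dataclass
class LoginThrottle:
    """Counts failures inside a sliding window; locks the key once the limit is hit."""
    max_attempts: int = 5            # failures allowed inside the window
    window_seconds: float = 900.0    # 15-minute sliding window
    lockout_seconds: float = 900.0   # lockout length once the limit is reached
    clock: Callable[[], float] = time.monotonic   # injectable so tests control time
    _failures: Dict[Tuple[str, str], List[float]] = field(default_factory=dict)
    _locked_until: Dict[Tuple[str, str], float] = field(default_factory=dict)

    @staticmethod
    def _key(username: str, ip: str) -> Tuple[str, str]:
        return (username.strip().lower(), ip)

    def is_locked(self, username: str, ip: str) -> bool:
        key = self._key(username, ip)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # Lockout expired: clear state so the next failure starts a fresh count
        del self._locked_until[key]
        self._failures.pop(key, None)
        return False

    def record_failure(self, username: str, ip: str) -> bool:
        """Record a failed attempt; return True if this failure triggered a lockout."""
        key = self._key(username, ip)
        now = self.clock()
        recent = [t for t in self._failures.get(key, []) if now - t < self.window_seconds]
        recent.append(now)
        self._failures[key] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[key] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, username: str, ip: str) -> None:
        key = self._key(username, ip)
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a random salt; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(stored: Tuple[bytes, bytes], password: str) -> bool:
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# Dummy record so unknown usernames cost the same time as real ones
_DUMMY = hash_password("unused-dummy-password")


def attempt_login(throttle: LoginThrottle, users: Dict[str, Tuple[bytes, bytes]],
                  username: str, ip: str, password: str) -> str:
    # Check the lockout before touching credentials, so locked requests are cheap
    if throttle.is_locked(username, ip):
        return LOCKED
    record = users.get(username.strip().lower())
    matched = verify_password(record if record is not None else _DUMMY, password)
    if record is not None and matched:
        throttle.record_success(username, ip)
        return OK
    throttle.record_failure(username, ip)
    return DENIED


def demo() -> List[str]:
    """Constructed scenario: five bad passwords lock the account; the correct
    password is refused until the lockout expires, then accepted."""
    fake_now = [1000.0]
    throttle = LoginThrottle(max_attempts=5, lockout_seconds=900.0, clock=lambda: fake_now[0])
    users = {"drjones": hash_password("correct horse battery staple")}   # constructed user
    results = []
    for _ in range(5):
        results.append(attempt_login(throttle, users, "DrJones", "10.0.0.7", "wrong"))
    results.append(attempt_login(throttle, users, "drjones", "10.0.0.7", "correct horse battery staple"))
    fake_now[0] += 901.0   # advance past the lockout
    results.append(attempt_login(throttle, users, "drjones", "10.0.0.7", "correct horse battery staple"))
    return results


if __name__ == "__main__":
    print(demo())
```

Keying on account plus IP is a deliberate middle ground: a lockout keyed on the username alone lets anyone lock a clinician out by submitting bad passwords for their account, while one keyed on IP alone is sidestepped by spreading attempts across addresses. For an audit trail, each `record_failure` that returns `True` is the event worth logging and alerting on; in a multi-server deployment the counters belong in shared storage rather than process memory.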
Source: http://www.onlinetech.com/resources/references/tips-for-passing-a-hipaa-audit