Designate Security and Privacy Officer roles and define HIPAA compliance responsibilities within the organization.
Create policies for managing HIPAA requirements related to employee training and system access. Define who may access PHI and other sensitive data, and under what conditions.
Configure an audit logging solution and determine how logs are collected, reviewed, and accessed to meet HIPAA requirements.
Implement and perform intrusion detection. Find malicious behavior and compliance issues before they become violations.
Address HIPAA risk assessment and risk analysis requirements. Set review periods for gathering compliance information, reviewing safeguards, and handling reports.
Create a standard operating procedure for responding to security incidents. Set policies for notifying customers and vendors of potential HIPAA security breaches.
Set up a Disaster Recovery team and set Recovery Time Objectives (RTOs) for responding to application and service availability issues within your organization.
Set standard policies and technical controls for encrypting PHI data in-transit and at-rest on AWS.
Ensure that all cloud data volumes, cloud databases, and transmitted data are encrypted.
Ensure that cloud network and security groups do not expose ports or access that may compromise PHI.
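As an added example (not Dash's code or part of the original checklist), the two items above can be checked programmatically. The functions below evaluate the dict shapes that boto3's `ec2.describe_volumes()` and `ec2.describe_security_groups()` return, flagging unencrypted EBS volumes and ingress rules open to the whole internet; the sample responses embedded here are constructed so the script runs offline.

```python
# Added example (not Dash's code): evaluate AWS API response shapes for two
# checklist items: unencrypted EBS volumes and security groups that expose
# ports to the whole internet. Input dicts mirror the shapes returned by
# boto3's ec2.describe_volumes() / ec2.describe_security_groups(); the
# sample data at the bottom is constructed, not from any real account.

WORLD = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere" CIDRs


def find_unencrypted_volumes(describe_volumes_response):
    """Return VolumeIds whose 'Encrypted' flag is false or missing."""
    return [
        v["VolumeId"]
        for v in describe_volumes_response.get("Volumes", [])
        if not v.get("Encrypted", False)
    ]


def _rule_ports(perm):
    # IpProtocol "-1" means all protocols and ports; otherwise FromPort..ToPort
    if perm.get("IpProtocol") == "-1":
        return "all"
    return f'{perm.get("FromPort")}-{perm.get("ToPort")}'


def find_world_open_ingress(describe_sgs_response):
    """Return (GroupId, port range) pairs reachable from 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in describe_sgs_response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            if any(s in WORLD for s in sources):
                findings.append((sg["GroupId"], _rule_ports(perm)))
    return findings


# Constructed sample responses (shape only; these are not real resources).
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True},
    {"VolumeId": "vol-0bbb", "Encrypted": False},
]}
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]}

if __name__ == "__main__":
    print("unencrypted volumes:", find_unencrypted_volumes(SAMPLE_VOLUMES))
    print("world-open ingress:", find_world_open_ingress(SAMPLE_SGS))
```

In a live review, pass the output of the real boto3 describe calls (paginated per region) to these functions in place of the constructed samples.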
Ensure that your company uses proper user roles and policies in AWS. Avoid HIPAA violations stemming from access control issues.
Ensure that your organization’s logs are properly collected, aggregated, and analyzed.
Set procedures for conducting risk assessments. Receive alerts and notifications for remediating compliance issues.
Address physical security requirements using the safeguards Amazon Web Services provides under its Business Associate Agreement (BAA).
©2019 Dash Solutions Inc. All Rights Reserved.