Step 1: Read the overview of the security rule
Step 2: Appoint a security official/prepare and implement job
Step 3: Perform a risk analysis
Step 4: Determine if Computer System is Capable of Providing Electronic/Audit Trails; Implement Audit Control Policies & Procedures (4-page PDF file)
Step 5: Develop workforce clearance procedures and means of implementing clearance requirements for employees who access ePHI
Step 6: Design and implement user identification and authentication policies and procedures for electronic information systems
Step 7: Implement automatic log-off processes
Step 8: Implement transmission security/encryption technology
Step 9: Install protection from malicious software; report security incidents
Step 10: Implement firewall technology
Step 11: Review and implement computer backup policies and procedures
Step 12: Develop security incident policies and procedures
Step 13: Implement facility maintenance log
Step 14: Develop facility security and contingency plans
Step 15: Develop a list of business associates and implement agreements
Step 16: Create computer workstation use policies and procedures
Step 17: Document and train all physicians on the security policies and procedures
Step 18: Obtain signed workforce confidentiality agreements from all physicians and staff
Step 19: Monitor compliance with the security rule
Step 20: Evaluate all policies and procedures periodically
Step 21: Create workforce termination procedures
Step 22: Implement sanction policy
Appendix 1 - Addressable Specifications
Appendix 2 - An Example of the Scalability of the Security Standard (1-page PDF file)
Appendix 3 - HIPAA Resources
Bibliography
HIPAA Security Compliance Manual: Table of Contents
Introduction to the Health Insurance Portability And Accountability Act (HIPAA) Manual
A HIPAA Glossary
Step-By-Step Guide to the Security Rule
AAFP HIPAA Manuals
Table Of Contents: Privacy Manual
List Of Exhibits: Privacy Manual
Table of Contents: Security Manual









