HAN Security

• EPHI Application Inventory (Excel - November 2004)

• Roles and Responsibilities of an Information Security Officer (PDF - November 2004) 

• HIPAA Security Checklist (PDF - November 2004)

• Back Up Procedure Draft Template (PDF - July 2004)

• Risk Assessment Checklist (PDF - September 2004)

• Strategies for Disaster Recovery (PDF - July 2004)

• Health Alert Network Vulnerability Assessment (PowerPoint - July 2004)

• HIPAA Definitions (PDF - July 2004)

• LHD HIPAA Security Committee (PDF - January 2005)

• Risk Analysis Survey (PDF - July 2004)

• Federal Register (PDF - August 2004)

• HIPAA Discussion Items (PDF - August 2004)

• HIPAA Security LHD Database (Access - January 2005)

Draft Policies

• IT-0514 Disaster Recovery Plan

• IT-0516 Audit Controls and Review

• IT-0517 Media Disposal

• IT-0518 Access Authorization and Modification

• IT-0520 Acceptable Workstation Use

Draft Procedures

• OP- 018 – Security Incident Reporting

Technical Safeguards Statements

• Audit Controls

• Integrity - Mechanism to Authenticate EPHI

• Access Control - Encryption and Decryption

• Integrity

Sample Policies

• Physical Security for IT Resources

• Jackson County Examples

  • Backup Storage Agreement

  • Computer/Server Access Log

  • Contingency Plan

  • Cross Reference

  • Data Backup and Storage

  • Facility Access/Security

  • Incident Report

  • EPHI - Storage and Inventory

  • Protection/Access to Electronic Protected Health Information

  • Policy/Procedure Review & Retention

  • HIPAA Security Manual Policy & Procedure Review Log

  • Sanction Policy HIPAA Security

  • Security Incidents Reporting and Response

  • Vulnerability Assessment Evaluation and Plan of Action

HIPAA Security Meetings

• June 2004 Agenda

• November 2004 Agenda

• January 2005 Agenda

• February 2005 Agenda

• March 2005 Agenda

• April 2005 Agenda

Last Updated: February 02, 2006

WVDHHR Privacy Statement
© Copyright 2002, WVDHHR