Privacy & Security Resources

Health Center Security & Compliance System Implementation Guide

6306
Health Center Security & Compliance System Implementation Guide

January 2019

There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn’t expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT (e.g. EHRs, Medical Devices, Data Warehouses) for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions.

Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes.

Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment (SRA) practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources.

This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process.

Download the full toolkit below, which includes the following sections:

  • System overview
  • Information classification and inventory
  • Business Associate Agreements and Contracts
  • Risk Analysis
  • Identity management
  • Encryption
  • Auditing and logging
  • Contingency planning
  • Workstation requirements
  • Patching
  • Security testing
  • Vendor and developer access
  • Physical security
  • Network segmentation

Documents to download

Print
Previous Article Security Risk Assessment Overview Presentation and Templates for Health Centers
Next Article Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients
Intended AudienceHealth Center IT Staff and Leadership

Highlighted Resources & Events

Need Assistance?

Would you like more assistance regarding Privacy & Security strategies or support in using any of the include resource sets?

Request Support

The Quadruple Aim

Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More

Quick Feedback Request

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist

HITEQ works to provide top quality resources, but know your needs can be specific. If you are just not finding the right resource or have a highly explicit need then please use the Request a Resource button below so that we can try to better understand your requirements.

If on the other hand you know of a great resource already or have one that you have developed then please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better server Health Centers.

REQUEST A RESOURCE  SHARE A RESOURCE