The Security And Protection Of Patient Information

This Security Plan is to be implemented in a Home Health Care Center with the aim of protecting the information of patients enrolled in it. The purpose of this Policy is to clearly demonstrate the commitment of the home center management to the security and protection of patient information. Management is dedicated to fostering a culture of compliance among all employees. This Policy sets the direction, gives broad guidance, and defines the requirements for security related processes, programs, and actions across the center. The center should be committed to consistent enforcement of this Policy and cyber security. This Policy should be in directive compliance with federal reliability standards. All responsible managers and supervisors are†¦show more content†¦Both training and awareness activities should emphasize the importance of protecting and securing patient information. Persons granted access to patient information should be required to complete annual training on app licable policies and procedures, physical and electronic access controls, and proper use and handling. Training should be customized based on the need of the individual. The center should identify, classify, and protect sensitive information associated with patients. The electronic security should be done by the standards propose by HIPAA. If there were any changes the center is responsible for change control and configuration management for development, deployment, modifying, replacing, or removal of critical software. Change control associated with systems used in the access control and monitoring of the Physical Security should be the responsibility of one person. It is important to the center that appropriate access controls and processes are developed to ensure proper protection within electronic security perimeters. Technical and procedural mechanisms should be used to control electronic access at all electronic access points. In addition, there should be constant review, updating, and maintenance of all documentation which support the Electronic Security to ensure the processes and documentation reflect current configurations and practices. All modifications to the Electronic