What questions do you need to be asking yourself?
When was your last Risk Analysis? Did it include a vulnerability scan? Pen test? On-site walkthrough?
Encryption? Are your portable devices encrypted?
BYOD – do you have signed agreements in place?
What is your policy on employee use of social media? The breach notification clock starts when “known or, by exercising reasonable diligence would have been known.”
What does your HIPAA training say about security, for instance passwords, use of mobile devices, proper use of email, etc.? Or does it only address privacy?
Do you have a contract with your vendors? Who is paying for breach remediation?