SecurityMetrics Blog

Auditor Tips: HIPAA Training Best Practices

Workforce members need to be given specific rules and regular training to know how to protect PHI. Regular training will remind them of the...
View Post

Auditor Tips: Monitor Your Business Associates’ Compliance

Every covered entity that uses business associates is required to obtain assurances that their business associates treat patient data the way you...

Auditor Tips: Minimum Necessary Best Practices

The minimum necessary requirement is a key part of the HIPAA Privacy Rule. The goal of this requirement isn’t to encourage organizations to...

Auditor Tips: Regularly Conduct Vulnerability Scans

Regular vulnerability scans are a critical preventative security control as they detect and assess known weaknesses that may be opening up your...

Auditor Tips: Set Up Your Intrusion Detection/Prevention System

You need a team to choose and manage an IDS/IPS. Whether it’s the responsibility of your IT Security Team,Data Loss Prevention Team, a managed...

Auditor Tips: Audit Logs and Log Monitoring

Monitoring audit logs for all critical systems and devices in your environment is key to understanding what types of events and actions occur on a...

Auditor Tips: Secure Remote Access

Remote access to tools and data is essential to employees who work from home or are unable to go into the office for health or other logistical...

Auditor Tips: Unique ID, Passwords, and Passphrases

More recently, password length, in the form of longer, memorable word strings have proven to be a more important security practice than the use of...

Auditor Tips: System Updating and Software Development

System administrators have the responsibility to ensure all system components (e.g., servers, firewalls, routers, workstations) and software are...

Auditor Tips: System Configuration

Whenever a system is configured make sure you know exactly what is running and also what is necessary to allow the system to perform its intended function.

Auditor Tips: Conduct an Accurate and Thorough Risk Analysis

Yet a complete and thorough risk analysis is one of the best ways for you and your organization to make intelligent and informed business decisions

Auditor Tips: Implement Encryption

You should implement encryption to protect PHI any time it is stored

Auditor Tips: Permanently Delete Files

Most people know how to destroy physical sensitive data, but when it comes to securely destroying electronic data, most healthcare professionals...

Auditor Tips: Know Your PHI’s Lifecycle

Fully understanding all the PHI you have, where it is stored, what processes touch it, and how it is used in your organization is critical to...

Auditor Tips: Practicing Good Cyber Hygiene

While every organization is different, the end goal of practicing good cyber hygiene is to identify vulnerabilities, minimize risk exposure, and...

Never have a false sense of security.

Talk to a specialist