Does Your Computer Security Policy Meet HIPAA Privacy Act Requirements?

Under the HIPAA privacy act, your organization has responsibilities to protect customers’ private medical information. Not only must you control how and when information is disseminated, you must also have a computer security policy in place that protects private information. Information Shield products help with development and implementation of a privacy program based on OECD Privacy Principles.

Once security and privacy policies are in place, your responsibilities under the HIPAA privacy act are not done. You must measure the effectiveness of your computer security policy to ensure that customer privacy is in fact protected. Information Shield is an authorized reseller of NetIQ’s VigilEnt Policy Center (VPC), the award-winning policy management system that allows an organization to distribute, track and measure the effectiveness of its privacy and security policies.

VPC comes with the full computer security policy library from Information Security Policies Made Easy by Charles Cresson Wood. It allows users to acknowledge that they have read and understood each policy relevant to them, quizzes them to ensure complete comprehension, and provides an incident reporting mechanism for easy tracking of violations.

VPC provides objective measurement of your organization’s compliance with the training and awareness requirements of the HIPAA privacy act or other regulations such as Sarbanes-Oxley or GLBA. It allows management to see that employees are trained correctly, and to demonstrate that to external auditors.

The best computer security policy in the world doesn’t work if the employees don’t understand it. Let the VigilEnt Policy Center from Information Shield provide you with the peace of mind from knowing your security program is effective.