Nt1330 Unit 3 Exercise 1

1. Signed Business Associate Agreement – This is to cover yourself, as well as to experience peace of mind. You want your host to understand and accept the risks of hosting patient health information.
2. Multiple vulnerability scans of your servers on a monthly basis – Ask for the reports; they will gladly provide them for you.
3. Mitigating discovered vulnerabilities – HIPAA compliant hosting companies should provide remediation services to fix the vulnerabilities.
4. Server hardening – Request copies of your hosting company’s server hardening steps. These will detail how they apply their security measures to your servers.
5. Regular off-site backup – Ask if they provide backups and how far away the backups are physically…
Keep a six-year log retention – After you’re finished using a server, hard drives should not be used again until they have been wiped clean in several passes. This is to be sure that PHI cannot be read again. Inquire as to what kind of process they use to wipe the hard drives clean and how many passes they make.

Medical marijuana dispensaries are required by law to keep confidential all of the patient health information aggregated during patient transactions. This starts from the very first time a patient provides information in order to qualify for a medical marijuana card. This, as well as any future patient health information, is covered under HIPAA federal law. It cannot be released to anyone without first obtaining the patient’s written consent or a court-ordered subpoena. Accidents will still result in a HIPAA violation and could result in a fine. This poses a problem, especially when credit cards are used to make medical marijuana purchases from a dispensary. It is not possible to completely restrict the transaction information. This is probably why Mastercard and Visa have been hesitant to allow medical marijuana purchases. In some instances, where the purchases were allowed, high per-transaction fees essentially eliminated any feasibility of accepting credit