HIPAA Blog

[ Tuesday, September 08, 2020 ]

 

OK, there's no excuse, but I haven't blogged much and I've got a lot of items stacked up in the queue.  One of those is discussing OCR's summer cybersecurity newsletter.

But since I've been remiss, let me point out an article by Jackson Lewis on OCR's tips for conducting an IT asset inventory.  If you've played around in HIPAA security for awhile, you might think this is a required element under the Security Rule, but it's not specifically (maintenance records of IT equipment must be kept, which implies an inventory (how do you know what you've fixed, and whether a fix is due, if you don't know what you have?).  However, most security rule exercises use an asset inventory and a storage location analysis to help guide the analysis.

Jeff [8:59 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template