Oklahoma State University Center for Health Sciences
OSU-CHS Centernet

Security Policies & Procedures

Section 7 - Evaluation


Title: Periodic Evaluation of Standards
Policy: SEC-07.01
Category: HIPAA Compliance
Authority: 45 CFR §
HIPAA Section:
Standard: Evaluation
Responsibility: Health Care Components
Effective Date: 04/20/2005
Approved by: OSU Legal Counsel
Revised: 7/1/2013

Evaluation process to determine level of compliance with the HIPAA Security Rule.


OSU will perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under the Security Rule and, subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which OSU’s security policies and procedures meet the requirements of the Security Rule.  §164.308(a)(8)

The policies and procedures shall be evaluated and edited as needed.  Documentation of such evaluation shall be maintained by the designated HIPAA Official.

Documentation resulting from all evaluations will be kept in the appropriate compliance area.
  1. The Office of IT Systems Security will perform the review of technical safeguards. Such evaluation may include, but is not limited to: penetration analysis, password integrity and compliance.
  2. The evaluation shall include review of pertinent records, including any security incidents and breaches, personnel policies, direct observation of workplace practices, and observation of compliance with policies and procedures. The evaluation results, when completed, will be forwarded to the HIPAA Compliance Office.
  3. The HIPAA Compliance Office shall review all policies and procedures related to HIPAA on no less than an annual basis, or in cases of breach response, to make sure they are up to date or to modify them as needed.
