Security Policies & Procedures
Section 7 - Evaluation
|Title: Periodic Evaluation of Standards||Policy: SEC-07.01|
|Category: HIPAA Compliance||Authority: 45 CFR §
HIPAA Section: 164.308(a)(8)
|Standard: Evaluation||Responsibility: Health Care Components|
|Effective Date: 04/20/2005|
|Approved by: OSU Legal Counsel||Revised: 7/1/2013|
Evaluation process to determine level of compliance with the HIPAA Security Rule.
OSU will perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under the Security Rule and, subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which OSU’s security policies and procedures meet the requirements of the Security Rule. §164.308(a)(8)
The policies and procedures shall be evaluated and edited as needed. Documentation of such evaluation shall be maintained by the designated HIPAA Official.Documentation resulting from all evaluations will be kept in the appropriate compliance area.