Security Management Process: Sanction Policy-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Administrative Safeguard Standard (Security Management Process). This implementation specification is required. What to Do Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity. How to Do It The covered entity must determine appropriate internal sanctions or penalties for violation of its security policies and procedures by workforce members. Sanctions should: » Deter noncompliant behavior, such as posting passwords on computer hardware or under a desk pad. » Serve as an incentive for compliance with security policies and procedures. The appropriate sanctions…

READ MORE