Read the questions carefully and think about the HIPAA requirements behind each one. All questions are taken from the original HIPAA/NIST questionnaires without change.

164.308(a)(1)(i) standard: Security Management Process

1) Has your organization developed, disseminated, reviewed/updated, and trained on your risk assessment policies and procedures?

Yes ( )   No ( )

164.308(a)(1)(ii) standard: Implementation Specifications

2) Does your organization have an analysis of current safeguards and their effectiveness relative to the identified risks?

Yes ( )   No ( )

164.308(a)(1)(ii)(B) standard: Risk Management

3) Does your organization have a process, procedure or communication plan on how and when your managers, staff employees and workforce will be notified of suspected inappropriate activity?

Yes ( )   No ( )

164.308(a)(5)(i) standard: Security Awareness and Training

4) Did your organization's assessment include the security training needs for sensitive data and other similar information?

Yes ( )   No ( )

164.308(a)(6)(ii) standard: Implementation Specification: Response and Reporting

5) Has your organization determined how it will respond to a security incident? Are there formal, documented policies and procedures?

Yes ( )   No ( )

164.308(a)(7)(i) standard: Contingency Plan

6) Does your organization's contingency policy and plan address scope, resource requirements, training, testing, plan maintenance and backup requirements?

Yes ( )   No ( )

164.308(a)(7)(ii)(C) standard: Emergency Mode Operation Plan

7) Has your organization identified key activities and developed procedures to continue key activities during an emergency?

Yes ( )   No ( )

164.308(a)(8) standard: Evaluation

8) Has your organization established a frequency for security evaluations, and disseminated this information to your entire organization?

Yes ( )   No ( )

164.308(b)(1) standard: Business Associate Contracts and Other Arrangements

9) Do your organization's business associate contracts contain sufficient language to ensure that required information types are protected, including the 2009, 2010 and 2011 HITECH Act updates and inclusions?

Yes ( )   No ( )

164.310(b) standard: Workstation Use

10) Has your organization identified key operational risks that could result in a breach of security from all types of workstations, and trained your staff, employees and workforce members on predictable breaches?

Yes ( )   No ( )

What to do now?