| Activity | Assigned To | Due Date | Completed | Notes |
| Must comply by April 21, 2005 | ||||
| Designate a security officer or officers | Line officers | 2/29/2004 | 2/3/2004 | line officers will serve as HIPAA officers |
| Perform Risk assessment to determine valuable information assets | Line officers | 2/29/2004 | 2/3/2004 | file cabinets with locks, locked mailbox for PCR's -optained |
| Develop polices to mitigate risks including: | ||||
| a. Contingency Plans | 4/30/2005 | |||
| b. Personnel Security Policies | 4/30/2005 | |||
| c. Physical Security Policies | 4/30/2005 | |||
| d. Audit Policies | 4/30/2005 | |||
| e. Media Control Policies | 4/30/2005 | |||
| f. Workstation Use/ Location Policies | 4/30/2005 | |||
| g. Authorization Control Policies | 4/30/2005 | |||
| h. Data Entity Authentication policies | 4/30/2005 | |||
| i. Security Incident Policies | 4/30/2005 | |||
| j. Record processing Polices | 4/30/2005 | |||
| k. Network Control Policies | 4/30/2005 | |||
| Determine chain of responsibility and contact points | 5/31/2005 | |||
| Determine Chains of Trust | 5/31/2005 | |||
| Create repercussions guideline for violations of implemented policies | 6/30/2005 | |||
| Develop guidelines and standards to implement required policies | 7/31/2005 | |||
| Purchase necessary equipment/software to meet policy requirements | 9/30/2005 | |||
| Develop procedures to implement the standards | 9/30/2005 | |||
| Obtain HIPAA Security certification from an outside authority | 4/21/2005 | |||
| Train Volunteers on procedures and guidelines | Ongoing | |||
| Perform regular re-assessment of Security policies | Ongoing | |||
Free web hosting for non-profit Community Service Organizations
provided by 1-2-Wonder Hosting